Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1501646-2)
SAP Support Packages
(CRM_JAVA_APPLICATIONS_50_SP017_000013, CRM_JAVA_APPLICATIONS_50_SP999999_999999, CRM_JAVA_APPLICATIONS_52_SP010_000014, CRM_JAVA_APPLICATIONS_52_SP999999_999999, CRM_JAVA_APPLICATIONS_60_SP007_000011, CRM_JAVA_APPLICATIONS_60_SP999999_999999, CRM_JAVA_APPLICATIONS_70_SP008_000009, CRM_JAVA_APPLICATIONS_70_SP999999_999999, CRM_JAVA_APPLICATIONS_701_SP003_000003, CRM_JAVA_APPLICATIONS_701_SP999999_999999, CRM_JAVA_COMPONENTS_50_SP017_000013, CRM_JAVA_COMPONENTS_50_SP999999_999999, CRM_JAVA_COMPONENTS_52_SP010_000014, CRM_JAVA_COMPONENTS_52_SP999999_999999, CRM_JAVA_COMPONENTS_60_SP007_000011, CRM_JAVA_COMPONENTS_60_SP999999_999999, CRM_JAVA_COMPONENTS_70_SP008_000009, CRM_JAVA_COMPONENTS_70_SP999999_999999, CRM_JAVA_COMPONENTS_701_SP003_000003, CRM_JAVA_COMPONENTS_701_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_50_SP017_000013, CRM_JAVA_WEB_COMPONENTS_50_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_52_SP010_000014, CRM_JAVA_WEB_COMPONENTS_52_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_60_SP007_000011, CRM_JAVA_WEB_COMPONENTS_60_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_70_SP008_000009, CRM_JAVA_WEB_COMPONENTS_70_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_701_SP003_000003, CRM_JAVA_WEB_COMPONENTS_701_SP999999_999999, SAP_SHARED_JAVA_APPLIC_50_SP017_000013, SAP_SHARED_JAVA_APPLIC_50_SP999999_999999, SAP_SHARED_JAVA_APPLIC_52_SP010_000014, SAP_SHARED_JAVA_APPLIC_52_SP999999_999999, SAP_SHARED_JAVA_APPLIC_60_SP007_000011, SAP_SHARED_JAVA_APPLIC_60_SP999999_999999, SAP_SHARED_JAVA_APPLIC_70_SP008_000009, SAP_SHARED_JAVA_APPLIC_70_SP999999_999999, SAP_SHARED_JAVA_APPLIC_701_SP003_000003, SAP_SHARED_JAVA_APPLIC_701_SP999999_999999, SAP_SHARED_JAVA_COMP_701_SP003_000003, SAP_SHARED_JAVA_COMP_701_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_50_SP017_000013, SAP_SHARED_JAVA_COMPONENTS_50_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_52_SP010_000014, SAP_SHARED_JAVA_COMPONENTS_52_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_60_SP007_000011, SAP_SHARED_JAVA_COMPONENTS_60_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_70_SP008_000009, SAP_SHARED_JAVA_COMPONENTS_70_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_50_SP017_000013, SAP_SHARED_WEB_COMPONENTS_50_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_52_SP010_000014, SAP_SHARED_WEB_COMPONENTS_52_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_60_SP007_000011, SAP_SHARED_WEB_COMPONENTS_60_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_70_SP008_000009, SAP_SHARED_WEB_COMPONENTS_70_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_701_SP003_000003, SAP_SHARED_WEB_COMPONENTS_701_SP999999_999999)
Описание
Web Channel applications execute certain functions by calling HTTP requests with parameters. When a malicious user tricks an authenticated user's browser into making certain requests, the malicious user can execute functions in Web Channel applications with the rights of the authenticated user. The malicious user may exploit a cross-site scripting vulnerability to do this, or they may present a special link to the victim in the form of an email, for example.
Как исправить
Ссылки