• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1501646

Главная Специалистам База уязвимостей Не установлено обновление Note 1501646

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1501646-2) SAP Support Packages (CRM_JAVA_APPLICATIONS_50_SP017_000013, CRM_JAVA_APPLICATIONS_50_SP999999_999999, CRM_JAVA_APPLICATIONS_52_SP010_000014, CRM_JAVA_APPLICATIONS_52_SP999999_999999, CRM_JAVA_APPLICATIONS_60_SP007_000011, CRM_JAVA_APPLICATIONS_60_SP999999_999999, CRM_JAVA_APPLICATIONS_70_SP008_000009, CRM_JAVA_APPLICATIONS_70_SP999999_999999, CRM_JAVA_APPLICATIONS_701_SP003_000003, CRM_JAVA_APPLICATIONS_701_SP999999_999999, CRM_JAVA_COMPONENTS_50_SP017_000013, CRM_JAVA_COMPONENTS_50_SP999999_999999, CRM_JAVA_COMPONENTS_52_SP010_000014, CRM_JAVA_COMPONENTS_52_SP999999_999999, CRM_JAVA_COMPONENTS_60_SP007_000011, CRM_JAVA_COMPONENTS_60_SP999999_999999, CRM_JAVA_COMPONENTS_70_SP008_000009, CRM_JAVA_COMPONENTS_70_SP999999_999999, CRM_JAVA_COMPONENTS_701_SP003_000003, CRM_JAVA_COMPONENTS_701_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_50_SP017_000013, CRM_JAVA_WEB_COMPONENTS_50_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_52_SP010_000014, CRM_JAVA_WEB_COMPONENTS_52_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_60_SP007_000011, CRM_JAVA_WEB_COMPONENTS_60_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_70_SP008_000009, CRM_JAVA_WEB_COMPONENTS_70_SP999999_999999, CRM_JAVA_WEB_COMPONENTS_701_SP003_000003, CRM_JAVA_WEB_COMPONENTS_701_SP999999_999999, SAP_SHARED_JAVA_APPLIC_50_SP017_000013, SAP_SHARED_JAVA_APPLIC_50_SP999999_999999, SAP_SHARED_JAVA_APPLIC_52_SP010_000014, SAP_SHARED_JAVA_APPLIC_52_SP999999_999999, SAP_SHARED_JAVA_APPLIC_60_SP007_000011, SAP_SHARED_JAVA_APPLIC_60_SP999999_999999, SAP_SHARED_JAVA_APPLIC_70_SP008_000009, SAP_SHARED_JAVA_APPLIC_70_SP999999_999999, SAP_SHARED_JAVA_APPLIC_701_SP003_000003, SAP_SHARED_JAVA_APPLIC_701_SP999999_999999, SAP_SHARED_JAVA_COMP_701_SP003_000003, SAP_SHARED_JAVA_COMP_701_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_50_SP017_000013, SAP_SHARED_JAVA_COMPONENTS_50_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_52_SP010_000014, SAP_SHARED_JAVA_COMPONENTS_52_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_60_SP007_000011, SAP_SHARED_JAVA_COMPONENTS_60_SP999999_999999, SAP_SHARED_JAVA_COMPONENTS_70_SP008_000009, SAP_SHARED_JAVA_COMPONENTS_70_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_50_SP017_000013, SAP_SHARED_WEB_COMPONENTS_50_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_52_SP010_000014, SAP_SHARED_WEB_COMPONENTS_52_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_60_SP007_000011, SAP_SHARED_WEB_COMPONENTS_60_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_70_SP008_000009, SAP_SHARED_WEB_COMPONENTS_70_SP999999_999999, SAP_SHARED_WEB_COMPONENTS_701_SP003_000003, SAP_SHARED_WEB_COMPONENTS_701_SP999999_999999)
Описание
Web Channel applications execute certain functions by calling HTTP  requests with parameters. When a malicious user tricks an authenticated  user's browser into making certain requests, the malicious user can  execute functions in Web Channel applications with the rights of the  authenticated user. The malicious user may exploit a cross-site  scripting vulnerability to do this, or they may present a special link to the victim in the form of an email, for example.
Как исправить
Ссылки