• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1509378

Главная Специалистам База уязвимостей Не установлено обновление Note 1509378

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1509378-2) SAP Support Packages (SAPKB62070, SAPKB64028, SAPKB70024, SAPKB70109, SAPKB70206, SAPKB70207, SAPKB71012, SAPKB71107, SAPKB72005, SAPKB73002, SAPKB73003)
Описание
The BSP ALRTPERS executes certain functions through referencing specific  URLs. When an attacker tricks an authenticated user#s browser into  making a request containing a certain URL and specific parameters, the functions are executed in the BSP ALRTPERS with the rights of the user.   If present, the attacker may use a Cross Site Scripting attack to  trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
Implement the correction instructions using the Note Assistant or import the relevant Support Package. If you use the Note Assistant to implement this note, note the following:
1. For more information and instructions, see Note 1520324. The corrections from Note 1520324 are a prerequisite for implementing this note.
2. Implement the attached correction instructions. When you do this, the report BSP_XSRF_PARAM_BC_SRV_GBT_ALM (among other things) is created in your system.
3. Execute the report BSP_XSRF_PARAM_BC_SRV_GBT_ALM and enter a transport request if necessary. The report is used to insert the relevant entries contained in this note for the BSP application into the database table BSPTEMPXSRFSTORE.
Ссылки