• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1507294

Главная Специалистам База уязвимостей Не установлено обновление Note 1507294

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1507294-5) SAP Support Packages (SRM_MDM_CATALOG_20_SP000_000000, SRM_MDM_CATALOG_20_SP999999_999999, SRM_MDM_CATALOG_30_SP009_000000, SRM_MDM_CATALOG_30_SP999999_999999, SRM_MDM_CATALOG_701_SP002_000000, SRM_MDM_CATALOG_701_SP999999_999999, SRM_MDM_CATALOG_702_SP000_000000, SRM_MDM_CATALOG_702_SP999999_999999)
Описание
SRM-MDM Catalog executes certain functions through referencing specific  URLs. When an attacker tricks an authenticated user's browser into  making a request containing a certain URL and specific parameters, the function is executed with the rights of the user.
If present, the attacker may use a Cross Site Scripting attack to  trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
The changes done for fixing XSRF Related issues is available from SRM-MDM Catalog 7.01 SP02 Patch00.
You can find SRM-MDM Catalog 7.01 SP02 Patch00 in the Support Package and Patch Area of the Service Marketplace.
Ссылки