Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1507294-5)
SAP Support Packages
(SRM_MDM_CATALOG_20_SP000_000000, SRM_MDM_CATALOG_20_SP999999_999999, SRM_MDM_CATALOG_30_SP009_000000, SRM_MDM_CATALOG_30_SP999999_999999, SRM_MDM_CATALOG_701_SP002_000000, SRM_MDM_CATALOG_701_SP999999_999999, SRM_MDM_CATALOG_702_SP000_000000, SRM_MDM_CATALOG_702_SP999999_999999)
Описание
SRM-MDM Catalog executes certain functions through referencing specific URLs. When an attacker tricks an authenticated user's browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the user.
If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
The changes done for fixing XSRF Related issues is available from SRM-MDM Catalog 7.01 SP02 Patch00.
You can find SRM-MDM Catalog 7.01 SP02 Patch00 in the Support Package and Patch Area of the Service Marketplace.
You can find SRM-MDM Catalog 7.01 SP02 Patch00 in the Support Package and Patch Area of the Service Marketplace.
Ссылки