Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1507298-4)
SAP Support Packages
(SAPKB64027, SAPKB64028, SAPKB70023, SAPKB70024, SAPKB70108, SAPKB70109, SAPKB70206, SAPKB70207, SAPKB71012, SAPKB71106, SAPKB71107, SAPKB72004, SAPKB72005, SAPKB73002)
Описание
The alert configuration in the RWB executes certain functions through referencing specific URLs. When an attacker tricks an authenticated user#s browser into making a request containing a certain URL and specific parameters, functions of the alert configuration in the RWB are executed with the rights of the user. If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
Implement the attached correction instructions or import the relevant Support Package.
Note the following:
1. Read Note 1520324 for additional information and further instructions. The corrections from Note 1520324 are a prerequisite for implementing this note.
2. Implement the correction instructions contained in this note. In this case, the program BSP_XSRF_PARAM_BC_XI_IS_WKB is created in your system.
3. Execute the program and select the transport request when you are asked to do so. The program makes the relevant entries for the BSP applications that are adjusted with this note in the database table BSPTEMPXSRFSTORE.
Note the following:
1. Read Note 1520324 for additional information and further instructions. The corrections from Note 1520324 are a prerequisite for implementing this note.
2. Implement the correction instructions contained in this note. In this case, the program BSP_XSRF_PARAM_BC_XI_IS_WKB is created in your system.
3. Execute the program and select the transport request when you are asked to do so. The program makes the relevant entries for the BSP applications that are adjusted with this note in the database table BSPTEMPXSRFSTORE.
Ссылки