Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1510620-1)
SAP Support Packages
(SAPK-60209INEAAPPL, SAPK-60308INEAAPPL, SAPK-60409INEAAPPL, SAPK-60503INEAAPPL, SAPKGPAD19)
Описание
Java Web Dynpro applications in Manager Self-Service financials execute functions that create table data in the back end. When a malicious user tricks an authenticated user#s browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the authenticated user. The malicious user may use a cross-site scripting attack to do this, or they may present a link to the victim.
Как исправить
Implement the program corrections.
Ссылки