• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1508281

Главная Специалистам База уязвимостей Не установлено обновление Note 1508281

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1508281-11) SAP Support Packages (SAPKB64028, SAPKB70023, SAPKB70108, SAPKB70206, SAPKB71012, SAPKB71107, SAPKB72005, SAPKB73002)
Описание
BC-SRV-RM executes certain functions through referencing specific URLs.  When an attacker tricks an authenticated user's browser into making a  request containing a certain URL and specific parameters, the function is executed with the rights of the user.

If present, the attacker may use a Cross Site Scripting attack to  trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
Implement the correction instructions or import the relevant Support Package.



------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_BASIS SAP Basis compo...|
| Release 640 SAPKB64001 - SAPKB64027 |
| Release 700 SAPKB70001 - SAPKB70022 |
| Release 710 SAPKB71001 - SAPKB71011 |
| Release 711 SAPKB71101 - SAPKB71106 |
| Release 701 SAPKB70101 - SAPKB70107 |
| Release 702 Until SAPKB70206 |
| Release 730 SAPKB73001 - SAPKB73001 |
| Release 720 SAPKB72001 - SAPKB72004 |
------------------------------------------------------------------------

Pre-implementation instruction for -

1. Go to transaction SE80

2. Choose BSP application

3. Enter SRM_DEMO_BSPEXT. Then Goto properties tab -

i. Tick-mark the "XSRF Protection" flag of the BSP
application.
ii. Expand the tree view 'Pages with flow logic".

iii. Then double click on "example2.htm".

iv. in the properties tab Tick Mark 'Start BSP' checkbox.

v. Save & activate the application.

4. Enter SRM_DEMO_RECORD. Then Goto properties tab -

i. Tick-mark the "XSRF Protection" flag of the BSP
application.

ii. Expand the tree view 'Pages with flow logic"

iii. Double click on "session.htm".

iv. In the properties tab tick mark 'Start BSP' checkbox.

v. Save & activate the application.

5. End
Ссылки