Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1511193-4)
SAP Support Packages
(SAPKB64027, SAPKB70023, SAPKB70108, SAPKB70206, SAPKB70207, SAPKB71013, SAPKB71108)
Описание
Attacker executes certain functions through referencing specific URLs. When an attacker tricks an authenticated users browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the user. If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
"XSRF Protection" has been activated for the CCMS Monitoring Console. Pleaase import the relevant Support Package.
Ссылки