• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1511594

Главная Специалистам База уязвимостей Не установлено обновление Note 1511594

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1511594-5) SAP Support Packages (SAPK-60019INECCDIMP, SAPK-60209INECCDIMP, SAPK-60308INECCDIMP, SAPK-60409INECCDIMP, SAPK-60503INECCDIMP, SAPKIPMH14)
Описание
BOS executes certain functions through referencing specific URLs. When  an attacker tricks an authenticated users browser into making a request  containing a certain URL and specific parameters, the function is  executed with the rights of the user. If present, the attacker may use a  Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
1. Refer to note 1481392 for additional information and instructions. The corrections from note 1481392 are a prerequisite for implementation of this note.

2. Implement the correction instructions of this note. This will also create the report RITS_XSRF_PARAM_BOS02 in your system.

3. Execute the report RITS_XSRF_PARAM_BOS02 and specify a corresponding transport request number when requested . The report will add service parameters for the adapted ITS services (maintained via the GUI configuration pushbutton for a service within transaction SICF).
Ссылки