Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1516177-1)
SAP Support Packages
(SAP_UCES_602_SP009_000000, SAP_UCES_602_SP999999_999999, SAP_UCES_604_SP009_000000, SAP_UCES_604_SP999999_999999)
Описание
SAP_UCES executes certain functions through referencing specific URLs. When an attacker tricks an authenticated user's browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the user.
If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
Please read note 1509214. All instruction given there for FSCM_BD is true for SAP_UCES too. Please keep in mind the "bd" from FSCM_BD is in case of SAP_UCES "bdisu" and in addition the jsps in folder isuExtensions are relevant for the changes on jsp.
Ссылки