• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1516872

Главная Специалистам База уязвимостей Не установлено обновление Note 1516872

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1516872-5) SAP Support Packages (SAPK-60209INEAGLTRAD, SAPK-60308INEAGLTRAD, SAPK-60409INEAGLTRAD, SAPK-60503INEAGLTRAD, SAPKGPGB21, SAPKGPGC25, SAPKGPGC26, SAPKGPGD19)
Описание
TC@NET executes certain functions through referencing specific URLs.  When an attacker tricks an authenticated user's browser into making a  request containing a certain URL and specific parameters, the function is executed with the rights of the user.
If present, the attacker may use a Cross Site Scripting attack to  trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
Implement the correction instructions or import the Support Package that is specified in this note.

Note the following:
1. Refer to note 1520324 for additional information and instructions. The corrections from note 1520324 are a prerequisite for implementation of this note.
2. Implement the correction instructions of this note. This will also create depending on your release the following report in your system:
Release 604: BSP_XSRF_PARAM_LO_GTM_TC_604
Release 603: BSP_XSRF_PARAM_LO_GTM_TC_603
Release 602: BSP_XSRF_PARAM_LO_GTM_TC_602
Release 600: BSP_XSRF_PARAM_LO_GTM_TC_600
Release 500: BSP_XSRF_PARAM_LO_GTM_TC_500
Release 200: BSP_XSRF_PARAM_LO_GTM_TC_200
3. Execute the report and specify when requested a corresponding transport request number. The report will fill the database table BSPTEMPXSRFSTORE with corresponding table entries for the BSP applications adapted by this note.
Ссылки