• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1517963

Главная Специалистам База уязвимостей Не установлено обновление Note 1517963

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1517963-3) SAP Support Packages (SAPKB64028, SAPKB70024, SAPKB70109, SAPKB70207, SAPKB71012, SAPKB71107, SAPKB72005, SAPKB73002)
Описание
Specified Internet services execute certain functions through  referencing specific URLs. When an attacker tricks an authenticated user#s browser into making a request containing a certain URL and specific parameters, the functions are executed in the Business  Workflow area with the rights of the user.  If present, the attacker may  use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
Implement the correction instructions or import the Support Package that is specified in this note.
Note the following:

1. Read Note 1481392 for additional information and further instructions. The corrections from Note 1481392 are a prerequisite for implementing this note.
2. Implement the correction instructions contained in this note. In this case, the program ITS_XSRF_PARAM_BC_BMT_WFM (among other things) is created in your system.
3. Execute the program ITS_XSRF_PARAM_BC_BMT_WFM and select the transport request when asked to do so. The program adds the service parameters (that are maintained via the pushbutton for the GUI configuration in the service in transaction SICF) for the adjusted ITS services.
Ссылки