Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1519052-5)
SAP Support Packages
(SAPKH50024, SAPKH50025, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60503)
Описание
The IACs execute certain functions through referencing specific URLs. When an attacker tricks an authenticated user#s browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the user in LE-SHP. If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
1. Note1481392 contains additional information and instructions. The corrections from Note 1481392 are a prerequisite for implementing this note.
2. Implement the attached correction instructions. These also generate the report ITS_XSRF_PARAM_LE_602 in your system.
3. Execute the report ITS_XSRF_PARAM_LE_602 and specify a corresponding transfer order number (if required). The report adds service parameters for the adjusted ITS services (maintain using the GUI configuration pushbutton for a service with transaction SICF).
2. Implement the attached correction instructions. These also generate the report ITS_XSRF_PARAM_LE_602 in your system.
3. Execute the report ITS_XSRF_PARAM_LE_602 and specify a corresponding transfer order number (if required). The report adds service parameters for the adjusted ITS services (maintain using the GUI configuration pushbutton for a service with transaction SICF).
Ссылки