• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1519052

Главная Специалистам База уязвимостей Не установлено обновление Note 1519052

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1519052-5) SAP Support Packages (SAPKH50024, SAPKH50025, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60503)
Описание
The IACs execute certain functions through referencing specific URLs.  When an attacker tricks an authenticated user#s browser into making a  request containing a certain URL and specific parameters, the function  is executed with the rights of the user in LE-SHP. If present, the  attacker may use a Cross Site Scripting attack to trigger the exploit,  or use an approach in which a link to click is presented to the victim.
Как исправить
1. Note1481392 contains additional information and instructions. The corrections from Note 1481392 are a prerequisite for implementing this note.
2. Implement the attached correction instructions. These also generate the report ITS_XSRF_PARAM_LE_602 in your system.
3. Execute the report ITS_XSRF_PARAM_LE_602 and specify a corresponding transfer order number (if required). The report adds service parameters for the adjusted ITS services (maintain using the GUI configuration pushbutton for a service with transaction SICF).
Ссылки