Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1519463-3)
SAP Support Packages
(SAP_EM_WCL_51_SP016_000000, SAP_EM_WCL_51_SP999999_999999, SAP_EM_WCL_70_SP006_000000, SAP_EM_WCL_70_SP999999_999999, SAP_SCM_WCL_41_SP021_000000, SAP_SCM_WCL_41_SP999999_999999, SAP_SCM_WCL_50_SP018_000001, SAP_SCM_WCL_50_SP999999_999999)
Описание
WCL (which contains Servlets/JSP pages) executes state changing functionality via referencing URLs. In certain scenarios, it is possible for an unauthorized and unauthenticated third party to trigger this functionality on behalf of an authorized authenticated user without the latter's knowledge and/or consent.
Как исправить
Ссылки