Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1525664-3)
SAP Support Packages
(SAPKH50024, SAPKH50025, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60504)
Описание
The BSP application executes certain functions through referencing specific URLs. When an attacker tricks an authenticated user#s browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the user. If present, the attacker may use a Cross Site Scripting attack to trigger the exploit, or use an approach in which a link to click is presented to the victim.
Как исправить
1. First, implement Note 1520324.
2. Implement the correction instructions contained in this note. When you do this, the report BSP_XSRF_PARAM_PLANT_MANAGER1 is created in your system.
3. Execute the report. Specify a transport request.
The report creates entries in the table BSPTEMPXSRFSTORE; these entries must be transported.
2. Implement the correction instructions contained in this note. When you do this, the report BSP_XSRF_PARAM_PLANT_MANAGER1 is created in your system.
3. Execute the report. Specify a transport request.
The report creates entries in the table BSPTEMPXSRFSTORE; these entries must be transported.
Ссылки