• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1524390

Главная Специалистам База уязвимостей Не установлено обновление Note 1524390

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1524390-6) SAP Support Packages (SAPKH50024, SAPKH50025, SAPKH60019, SAPKH60209, SAPKH60308, SAPKH60409, SAPKH60504)
Описание
The internet kanban executes certain functions through referencing  specific URLs. When an attacker tricks an authenticated user#s browser  into making a request containing a certain URL and specific parameters,  the function is executed with the rights of the user. If present, the  attacker may use a Cross Site Scripting attack to trigger the exploit,  or use an approach in which a link to click is presented to the victim.
Как исправить
1. Note 1481392 contains additional information and instructions. The corrections from Note 1481392 are a prerequisite for the implementation of this note.
2. Implement the correction instructions that are relevant for your release. As a result, the report ITS_XSRF_PARAM_PK_500_605 is also created in your system.
3. Execute the report ITS_XSRF_PARAM_PK_500_605 and specify a corresponding transport order number when requested. The report adds service parameters for the adjusted ITS services (that were maintained using the pushbutton for the GUI configuration for a service in transaction SICF).
------------------------------------------------------------------------
|Manual Pre-Implement. |
------------------------------------------------------------------------
|VALID FOR |
|Software Component SAP_APPL SAP Application |
| Release 500 Until SAPKH50024 |
| Release 600 Until SAPKH60018 |
| Release 602 Until SAPKH60208 |
| Release 603 Until SAPKH60307 |
| Release 604 Until SAPKH60408 |
| Release 605 Until SAPKH60503 |
------------------------------------------------------------------------

Refer to the long text.
Ссылки