• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Не установлено обновление Note 1536474

Главная Специалистам База уязвимостей Не установлено обновление Note 1536474

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1536474-1)
Описание
SAP ME MFG 5.2 executes state changing functionality via referencing  URLs. In certain scenarios, it is possible for an unauthorized and  unauthenticated third party to trigger this functionality on behalf of  an authorized authenticated user without the latter's knowledge and/or consent.
Как исправить
XSRF attacks have to be addressed inside Web applications. These applications must ensure that for state changing operations they are not relying only on credentials or tokens that are automatically submitted by browsers. A common approach is including a special token in each request, which is associated with the user session and is valid only for the session lifetime.

To correct this issue please apply the supplied security patch 5.2.5.1
Ссылки