Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1536474-1)
Описание
SAP ME MFG 5.2 executes state changing functionality via referencing URLs. In certain scenarios, it is possible for an unauthorized and unauthenticated third party to trigger this functionality on behalf of an authorized authenticated user without the latter's knowledge and/or consent.
Как исправить
XSRF attacks have to be addressed inside Web applications. These applications must ensure that for state changing operations they are not relying only on credentials or tokens that are automatically submitted by browsers. A common approach is including a special token in each request, which is associated with the user session and is valid only for the session lifetime.
To correct this issue please apply the supplied security patch 5.2.5.1
To correct this issue please apply the supplied security patch 5.2.5.1
Ссылки