Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1675153-2)
SAP Support Packages
(SAPK-70507INBICONT, SAPK-70604INBICONT, SAPK-70701INBICONT, SAPK-73506INBICONT, SAPK-73603INBICONT, SAPK-74603INBICONT)
Описание
The function module UPARM_ADD_VIEW_TO_XML_STRING within BW-BCT-PLA-RAP does not sufficiently encode input parameters by utilizing the current XSS library methods for URL encoding, resulting in a general cross-site scripting issue. An attacker who gains access to this data may use it to impersonate the user and access all information with the same rights as the target user. If an administrator is impersonated, the security of the application may be fully comprised.
Как исправить
Please implement the attached correction instruction(s).
As prerequisites for this Note, you must also implement Note 1582870 (ABAP XSS Escaping Support) and Note 1582867 (Security options (XSS) for ESCAPE).
As prerequisites for this Note, you must also implement Note 1582870 (ABAP XSS Escaping Support) and Note 1582867 (Security options (XSS) for ESCAPE).
Ссылки