• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1675153 - Unauthorized modification of displayed content in BW-BCT-PLA

Главная Специалистам База уязвимостей Note 1675153 - Unauthorized modification of displayed content in BW-BCT-PLA

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1675153-2) SAP Support Packages (SAPK-70507INBICONT, SAPK-70604INBICONT, SAPK-70701INBICONT, SAPK-73506INBICONT, SAPK-73603INBICONT, SAPK-74603INBICONT)
Описание
The function module UPARM_ADD_VIEW_TO_XML_STRING within BW-BCT-PLA-RAP  does not sufficiently encode input parameters by utilizing the current  XSS library methods for URL encoding, resulting in a general cross-site  scripting issue.  An attacker who gains access to this data may use it  to impersonate the user and access all information with the same rights  as the target user.  If an administrator is impersonated, the security of the application may be fully comprised.
Как исправить
Please implement the attached correction instruction(s).
As prerequisites for this Note, you must also implement Note 1582870 (ABAP XSS Escaping Support) and Note 1582867 (Security options (XSS) for ESCAPE).
Ссылки