• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1680716 - Unauthorized modification of displayed content in MDSD Admin

Главная Специалистам База уязвимостей Note 1680716 - Unauthorized modification of displayed content in MDSD Admin

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1680716-4) SAP Support Packages (MDSD_30_SP003_000000, MDSD_30_SP999999_999999, XMDSD_21_SP003_000000, XMDSD_21_SP999999_999999)
Описание
MDSD Admin Console within MDSD does not sufficiently encode parameters,  resulting  in a reflected cross-site scripting issue.
A reflected cross-site scripting attack can be used to non-permanently  deface or modify displayed  content from a Web site.
Reflected  cross-site  scripting  can  be  used  to  steal  another   user's  authentication  information,  such as data relating to their  current session.  An attacker who gains access to this data may use it  to impersonate the user and access all information with the same rights as the target user.
If an administrator is impersonated, the security of the application may be fully compromised.
Как исправить
Deploy new version of MDSD Admin Console delivered with SAP Note 1582779.
Ссылки