• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1806098 - Unauthorized Use of Application Functions in REST Interface

Главная Специалистам База уязвимостей Note 1806098 - Unauthorized Use of Application Functions in REST Interface

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1806098-4) SAP Support Packages (NW_IDM_72_UIS_FOR_NW_710_SP007_000001, NW_IDM_72_UIS_FOR_NW_710_SP999999_999999)
Описание
The SAP NetWeaver Identity Management 7.2 REST interface with version  identifier "v72alpha" executes certain functions by referencing specific URLs.When an attacker tricks an authenticated user's browser into making a  request containing a certain URL and specific parameters, the function  is executed with the rights of the authenticated user. This applies to  all modification operations provided by the REST interface.The attacker may use a cross-site scripting attack to do this, or they may present a link to the victim.
Как исправить
Ссылки