Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1806098-4)
SAP Support Packages
(NW_IDM_72_UIS_FOR_NW_710_SP007_000001, NW_IDM_72_UIS_FOR_NW_710_SP999999_999999)
Описание
The SAP NetWeaver Identity Management 7.2 REST interface with version identifier "v72alpha" executes certain functions by referencing specific URLs.When an attacker tricks an authenticated user's browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the authenticated user. This applies to all modification operations provided by the REST interface.The attacker may use a cross-site scripting attack to do this, or they may present a link to the victim.
Как исправить
Ссылки