Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:N/I:P/A:NSAP)
Производитель ПО
Наименование ПО
SAP Notes
(1819984-3)
SAP Support Packages
(J2EE_ENGINE_LM_CORE_720_SP007_000008, J2EE_ENGINE_LM_CORE_720_SP008_000004, J2EE_ENGINE_LM_CORE_720_SP009_000001, J2EE_ENGINE_LM_CORE_720_SP999999_999999, J2EE_ENGINE_LM_CORE_730_SP007_000009, J2EE_ENGINE_LM_CORE_730_SP008_000004, J2EE_ENGINE_LM_CORE_730_SP009_000001, J2EE_ENGINE_LM_CORE_730_SP010_000000, J2EE_ENGINE_LM_CORE_730_SP999999_999999, J2EE_ENGINE_LM_CORE_731_SP003_000004, J2EE_ENGINE_LM_CORE_731_SP004_000004, J2EE_ENGINE_LM_CORE_731_SP005_000002, J2EE_ENGINE_LM_CORE_731_SP006_000002, J2EE_ENGINE_LM_CORE_731_SP007_000000, J2EE_ENGINE_LM_CORE_731_SP008_000000, J2EE_ENGINE_LM_CORE_731_SP999999_999999, J2EE_ENGINE_LM_CORE_740_SP002_000000, J2EE_ENGINE_LM_CORE_740_SP003_000000, J2EE_ENGINE_LM_CORE_740_SP999999_999999, SAP_KERNEL_720_32_BIT_SP418_000418, SAP_KERNEL_720_32_BIT_SP999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_SP418_000418, SAP_KERNEL_720_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_64_BIT_SP418_000418, SAP_KERNEL_720_64_BIT_SP999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_SP418_000418, SAP_KERNEL_720_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_32_BIT_SP110_000110, SAP_KERNEL_721_32_BIT_SP999999_999999, SAP_KERNEL_721_32_BIT_UNICODE_SP110_000110, SAP_KERNEL_721_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_64_BIT_SP110_000110, SAP_KERNEL_721_64_BIT_SP999999_999999, SAP_KERNEL_721_64_BIT_UNICODE_SP110_000110, SAP_KERNEL_721_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_SP110_000110, SAP_KERNEL_721_EXT_32_BIT_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_UC_SP110_000110, SAP_KERNEL_721_EXT_32_BIT_UC_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_SP110_000110, SAP_KERNEL_721_EXT_64_BIT_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_UC_SP110_000110, SAP_KERNEL_721_EXT_64_BIT_UC_SP999999_999999, SAP_KERNEL_738_64_BIT_SP015_000015, SAP_KERNEL_738_64_BIT_SP999999_999999, SAP_KERNEL_738_64_BIT_UNICODE_SP015_000015, SAP_KERNEL_738_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_740_64_BIT_SP007_000007, SAP_KERNEL_740_64_BIT_SP014_000014, SAP_KERNEL_740_64_BIT_SP999999_999999, SAP_KERNEL_740_64_BIT_UNICODE_SP007_000007, SAP_KERNEL_740_64_BIT_UNICODE_SP014_000014, SAP_KERNEL_740_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_803_64_BIT_UNICODE_SP035_000035, SAP_KERNEL_803_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_804_64_BIT_UNICODE_SP035_000035, SAP_KERNEL_804_64_BIT_UNICODE_SP999999_999999)
Описание
The root "crossdomain.xml" within AS Java does not sufficiently define permission parameters. As a result, a malicious user may perform a cross-domain redirection attack against a legitimate user.
Как исправить
Update your AS Java to an SP or release where the issue is fixed. See the SP Patch Level section for details and available patches.
Ссылки