• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1819984 - Potential illegal redirection of Web site content in AS Java

Главная Специалистам База уязвимостей Note 1819984 - Potential illegal redirection of Web site content in AS Java

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:N/I:P/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1819984-3) SAP Support Packages (J2EE_ENGINE_LM_CORE_720_SP007_000008, J2EE_ENGINE_LM_CORE_720_SP008_000004, J2EE_ENGINE_LM_CORE_720_SP009_000001, J2EE_ENGINE_LM_CORE_720_SP999999_999999, J2EE_ENGINE_LM_CORE_730_SP007_000009, J2EE_ENGINE_LM_CORE_730_SP008_000004, J2EE_ENGINE_LM_CORE_730_SP009_000001, J2EE_ENGINE_LM_CORE_730_SP010_000000, J2EE_ENGINE_LM_CORE_730_SP999999_999999, J2EE_ENGINE_LM_CORE_731_SP003_000004, J2EE_ENGINE_LM_CORE_731_SP004_000004, J2EE_ENGINE_LM_CORE_731_SP005_000002, J2EE_ENGINE_LM_CORE_731_SP006_000002, J2EE_ENGINE_LM_CORE_731_SP007_000000, J2EE_ENGINE_LM_CORE_731_SP008_000000, J2EE_ENGINE_LM_CORE_731_SP999999_999999, J2EE_ENGINE_LM_CORE_740_SP002_000000, J2EE_ENGINE_LM_CORE_740_SP003_000000, J2EE_ENGINE_LM_CORE_740_SP999999_999999, SAP_KERNEL_720_32_BIT_SP418_000418, SAP_KERNEL_720_32_BIT_SP999999_999999, SAP_KERNEL_720_32_BIT_UNICODE_SP418_000418, SAP_KERNEL_720_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_720_64_BIT_SP418_000418, SAP_KERNEL_720_64_BIT_SP999999_999999, SAP_KERNEL_720_64_BIT_UNICODE_SP418_000418, SAP_KERNEL_720_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_32_BIT_SP110_000110, SAP_KERNEL_721_32_BIT_SP999999_999999, SAP_KERNEL_721_32_BIT_UNICODE_SP110_000110, SAP_KERNEL_721_32_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_64_BIT_SP110_000110, SAP_KERNEL_721_64_BIT_SP999999_999999, SAP_KERNEL_721_64_BIT_UNICODE_SP110_000110, SAP_KERNEL_721_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_SP110_000110, SAP_KERNEL_721_EXT_32_BIT_SP999999_999999, SAP_KERNEL_721_EXT_32_BIT_UC_SP110_000110, SAP_KERNEL_721_EXT_32_BIT_UC_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_SP110_000110, SAP_KERNEL_721_EXT_64_BIT_SP999999_999999, SAP_KERNEL_721_EXT_64_BIT_UC_SP110_000110, SAP_KERNEL_721_EXT_64_BIT_UC_SP999999_999999, SAP_KERNEL_738_64_BIT_SP015_000015, SAP_KERNEL_738_64_BIT_SP999999_999999, SAP_KERNEL_738_64_BIT_UNICODE_SP015_000015, SAP_KERNEL_738_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_740_64_BIT_SP007_000007, SAP_KERNEL_740_64_BIT_SP014_000014, SAP_KERNEL_740_64_BIT_SP999999_999999, SAP_KERNEL_740_64_BIT_UNICODE_SP007_000007, SAP_KERNEL_740_64_BIT_UNICODE_SP014_000014, SAP_KERNEL_740_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_803_64_BIT_UNICODE_SP035_000035, SAP_KERNEL_803_64_BIT_UNICODE_SP999999_999999, SAP_KERNEL_804_64_BIT_UNICODE_SP035_000035, SAP_KERNEL_804_64_BIT_UNICODE_SP999999_999999)
Описание
The root "crossdomain.xml" within AS Java does not sufficiently define  permission parameters. As a result, a malicious user may perform a cross-domain redirection attack against a legitimate user.
Как исправить
Update your AS Java to an SP or release where the issue is fixed. See the SP Patch Level section for details and available patches.
Ссылки