• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1763218 - Unauthorized modification of stored content in GRC AC 5.3

Главная Специалистам База уязвимостей Note 1763218 - Unauthorized modification of stored content in GRC AC 5.3

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
Производитель ПО
SAP
Наименование ПО
SAP Notes (1763218-7)
Описание
GRC AC 5.3 results in a stored cross-site scripting issue.It can be used  to permanently modify displayed content from a Web site, allowing the  attacker to embed content that is rendered automatically,without the  attacker having to target victims individually. Stored cross-site  scripting can also be used to steal another user's authentication  information, such as data relating to their current session. An attacker  who gains access to this data may use it to impersonate the user and  access all information with the same rights as the target user. If an  administrator is impersonated, the security of the application may be fully compromised.
Как исправить
Fixes are available in the SP20 release of GRC AC 5.3.
Ссылки