Карточка уязвимости
Характеристики уязвимости
Уровень опасности
Оценка CVSS
Производитель ПО
Наименование ПО
SAP Notes
(1772190-1)
SAP Support Packages
(SAPK-60016INCRMUIF, SAPK-70013INWEBCUIF, SAPK-70110INWEBCUIF, SAPK-73005INWEBCUIF, SAPK-73106INWEBCUIF, SAPK-74601INWEBCUIF)
Описание
WEBCUIF executes certain functions by referencing specific URLs. When an attacker tricks an authenticated user's browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the authenticated user. The attacker may use a cross-site scripting attack to do this, or they may present a link to the victim.
Как исправить
Ссылки