• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1833139 - Potential false redirection of Web site content in EPM

Главная Специалистам База уязвимостей Note 1833139 - Potential false redirection of Web site content in EPM

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:N/C:N/I:P/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1833139-3)
Описание
Some pages within Performance Management enable a cross-domain  redirection to occur. An attacker can include a URL from a different  domain in a URL of the target application, which can then be sent to a  user of the target application. The user thinks that the content is from  the target application, but when they visit such a page, the content is delivered from the domain chosen by the attacker.The attacker can then mimic pages of the target application (for  example, a logon page) to get the victim to disclose information they  would not otherwise reveal to the attacker (such as their password).This can be mitigated by restricting redirections to relative or local domains only.
Как исправить
Issue is resolved in the following Support Packages:XI3.1 SP5 FP5XI3.1 SP6 FP1XI3.1 SP7 onwardIt is not relevant for BI4.0.
Ссылки