• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1851123 - Potential false redirection of Web site content in BSP

Главная Специалистам База уязвимостей Note 1851123 - Potential false redirection of Web site content in BSP

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:L/AU:N/C:P/I:P/A:NSAP)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1851123-3) SAP Support Packages (SAPKB70029, SAPKB70114, SAPKB70214, SAPKB71017, SAPKB71112, SAPKB72008, SAPKB73010, SAPKB73109, SAPKB74003)
Описание
Some pages within IT00 enable a cross-domain redirection to occur. An  attacker can include a URL from a different domain in a URL of the  target application, which can then be sent to a user of the target  application. The user thinks that the content is from the target  application, but when they visit such a page, the content is delivered from the domain chosen by the attacker.The attacker can then mimic pages of the target application (for  example, a logon page) to get the victim to disclose information they  would not otherwise reveal to the attacker (such as their password).  This can be mitigated by restricting redirections to relative or local domains only.
Как исправить
Please install correction instructions attached to the note.
Ссылки