Solution: https://service.sap.com/sap/support/notes/1442517 (SAP Service Marketplace login required)
Summary:
The SAP Note addresses a security vulnerability in the ISpeakAdapter component that could be exploited through reflected cross-site scripting (XSS) attacks. An attacker could modify displayed content and potentially capture authentication details from other users without authorization. The issue arises from inadequate encoding of input parameters. Users are instructed to apply the provided patch relevant to their software release to mitigate this threat. The CVSS Base Score is 4.3, indicating a moderate risk; the base score does not consider specific system configurations or operational environments.
Keywords:
terms reflected cross-site scripting, reflected cross-site scripting attack, reflected cross-site scripting issue, reflected cross-site scripting, cvss information cvss base score, sufficiently encode input parameters, potentially obtain authentication information, modify displayed application content, cvss base score, modify displayed content
Related notes:
1576121 | SAP EhP1 for XI on Netweaver 7.00 SP09 |
1561929 | SAP EhP2 for Netweaver 7.00 SP07 |
1531912 | SAP EhP1 for XI on Netweaver 7.00 SP08 |
1530712 | NW04s XI Support Package Stack 23 |
1459565 | SAP EHP1 FOR SAP NETWEAVER PI 7.1 SP05 |