SAP Note 1442517 - Unauthorized modification of displayed content-ISpeakAdapter

Component: Industry Standard Adapter

Solution: https://service.sap.com/sap/support/notes/1442517 (SAP Service Marketplace login required)

Summary:
The SAP Note addresses a security vulnerability in the ISpeakAdapter component that could be exploited through reflected cross-site scripting (XSS) attacks. Without authorization, an attacker could modify displayed content and potentially capture authentication details from other users. The issue arises from inadequate encoding of input parameters. Users are instructed to apply the provided patch relevant to their software release to mitigate this threat. The CVSS Base Score is 4.3, indicating moderate risk; this score does not take specific system configurations or operational environments into account.

Keywords:
terms reflected cross-site scripting, reflected cross-site scripting attack, reflected cross-site scripting issue, reflected cross-site scripting, cvss information cvss base score, sufficiently encode input parameters, potentially obtain authentication information, modify displayed application content, cvss base score, modify displayed content

Related notes:

1576121 SAP EhP1 for XI on Netweaver 7.00 SP09
1561929 SAP EhP2 for Netweaver 7.00 SP07
1531912 SAP EhP1 for XI on Netweaver 7.00 SP08
1530712 NW04s XI Support Package Stack 23
1459565 SAP EHP1 FOR SAP NETWEAVER PI 7.1 SP05