Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Adobe SDK XSS vulnerability – Flex, SAP security note 2393021

Description

The binaries of wd.flex project consumed in developing flex applications are shown to be vulnerable. The vulnerability can be detected via dowloading the Adobe tool from the below link.

https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html#main_main_solution

The adobe tool has also been attached in this note.

Available fix and Supported packages

  • WD-FLEX | 7.20 | 7.20
  • WD-FLEX | 7.30 | 7.30
  • WD-FLEX | 7.31 | 7.31
  • WD-FLEX | 7.40 | 7.40
  • WD-FLEX | 7.50 | 7.50
  • WEB DYNPRO FLEX CLIENT 7.20 | SP009 | 000001
  • WEB DYNPRO FLEX CLIENT 7.30 | SP016 | 000001
  • WEB DYNPRO FLEX CLIENT 7.30 | SP017 | 000000
  • WEB DYNPRO FLEX CLIENT 7.31 | SP019 | 000001
  • WEB DYNPRO FLEX CLIENT 7.31 | SP020 | 000000
  • WEB DYNPRO FLEX CLIENT 7.40 | SP014 | 000001
  • WEB DYNPRO FLEX CLIENT 7.40 | SP015 | 000000
  • WEB DYNPRO FLEX CLIENT 7.50 | SP005 | 000001
  • WEB DYNPRO FLEX CLIENT 7.50 | SP006 | 000001
  • WEB DYNPRO FLEX CLIENT 7.50 | SP007 | 000000

Affected component

    BC-WD-CLT-FLX
    Flex

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2393021

TAGS

#Web-dynpro-flex
#Web-dynpro-java
#Flash-Islands
#Flex-application

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.