Description
This security note has been updated. For more detailed information, see Security Note 1670352.
The correction within this note only provide a framework for the XSRF protection. To secure a specific application there’s configuration and sometimes adaption effort required. For applications delivered by SAP check for corresponding notes that will set XSRF protection accordingly. If you would like to protect your own custom application please follow the detailed instructions described in note 1458171. Activation of protection for a stateless BSP and a stateful BSP is performed via the same configuration and adaption steps.
Available fix and Supported packages
- SAP_BASIS | 620 | 640
- SAP_BASIS | 700 | 702
- SAP_BASIS | 710 | 730
- SAP_BASIS | 731 | 731
- SAP_BASIS 710 | SAPKB71013 |
- SAP_BASIS 701 | SAPKB70110 |
- SAP_BASIS 711 | SAPKB71108 |
- SAP_BASIS 720 | SAPKB72006 |
- SAP_BASIS 702 | SAPKB70209 |
- SAP_BASIS 730 | SAPKB73004 |
- SAP_BASIS 620 | SAPKB62071 |
- SAP_BASIS 640 | SAPKB64029 |
- SAP_BASIS 731 | SAPKB73101 |
- SAP_BASIS 700 | SAPKB70026 |
- SAP_BASIS 701 | SAPKB70111 |
- SAP_BASIS 730 | SAPKB73005 |
- SAP KERNEL 7.20 64-BIT | SP089 | 000089
- SAP KERNEL 7.20 64-BIT UNICODE | SP089 | 000089
Affected component
- BC-BSP
Business Server Pages
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1551982
