Cross-site request forgery protection for stateless, SAP security note 1551982

Description

This security note has been updated. For more detailed information, see Security Note 1670352.
The correction in this note only provides a framework for XSRF protection. Securing a specific application requires configuration and sometimes adaptation effort. For applications delivered by SAP, check for corresponding notes that set XSRF protection accordingly. To protect your own custom application, follow the detailed instructions described in note 1458171. Protection for a stateless BSP and a stateful BSP is activated via the same configuration and adaptation steps.

Available fix and Supported packages

  • SAP_BASIS | 620 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 730
  • SAP_BASIS | 731 | 731
  • SAP_BASIS 710 | SAPKB71013 |
  • SAP_BASIS 701 | SAPKB70110 |
  • SAP_BASIS 711 | SAPKB71108 |
  • SAP_BASIS 720 | SAPKB72006 |
  • SAP_BASIS 702 | SAPKB70209 |
  • SAP_BASIS 730 | SAPKB73004 |
  • SAP_BASIS 620 | SAPKB62071 |
  • SAP_BASIS 640 | SAPKB64029 |
  • SAP_BASIS 731 | SAPKB73101 |
  • SAP_BASIS 700 | SAPKB70026 |
  • SAP_BASIS 701 | SAPKB70111 |
  • SAP_BASIS 730 | SAPKB73005 |
  • SAP KERNEL 7.20 64-BIT | SP089 | 000089
  • SAP KERNEL 7.20 64-BIT UNICODE | SP089 | 000089

Affected component

    BC-BSP
    Business Server Pages

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1551982

TAGS

#CSRF
#XSRF
