Description
BSP Test Application sbspext_table allows an unauthenticated attacker to send polluted URL to the victim, hence allowing Reflected Cross site scripting.
Information available in the victim’s web browser can be read, modified, and sent to the attacker. No sensitive data is disclosed to the attacker as the attack is possible only in test application and service disruption is not possible as part of the impacts.
Available fix and Supported packages
- SAP_BASIS | 700 | 702
- SAP_BASIS | 730 | 730
- SAP_BASIS | 731 | 731
- SAP_BASIS | 740 | 740
- SAP_BASIS | 750 | 755
- SAP_BASIS 700 | SAPKB70038 |
- SAP_BASIS 701 | SAPKB70123 |
- SAP_BASIS 702 | SAPKB70223 |
- SAP_BASIS 730 | SAPKB73021 |
- SAP_BASIS 751 | SAPK-75111INSAPBASIS |
- SAP_BASIS 752 | SAPK-75207INSAPBASIS |
- SAP_BASIS 753 | SAPK-75305INSAPBASIS |
- SAP_BASIS 754 | SAPK-75403INSAPBASIS |
- | SAPK-782BHINSAPBASIS |
- SAP_BASIS 731 | SAPKB73128 |
- SAP_BASIS 740 | SAPKB74025 |
- SAP_BASIS 755 | SAPK-75501INSAPBASIS |
- SAP_BASIS 750 | SAPK-75020INSAPBASIS |
Affected component
- BC-BSP
Business Server Pages
CVSS
Score: 6.1
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2948239
