Input and output validation of some Web Dynpro applications, SAP security note 1277948

Description

For some of the delivered SAP E-Recruiting Web pages (Business Server Page (BSP) or Web Dynpro), there is a potential risk of cross-site scripting attacks.

Available fix and Supported packages

ERECRUIT | 300 | 300
ERECRUIT | 600 | 600
ERECRUIT | 603 | 603
ERECRUIT | 604 | 604
ERECRUIT 604 | SAPK-60402INERECRUIT |
ERECRUIT 300 | SAPK-30021INERECRUIT |
ERECRUIT 603 | SAPK-60305INERECRUIT |
ERECRUIT 600 | SAPK-60016INERECRUIT |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1277948

Vahagn Vardanian

Input and output validation of some Web Dynpro applications, SAP security note 1277948

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#CSS
#XSS
#cross-site-scripting
#cross-site-request-forgery

Explore More

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

SAP Security Patch Day – December 2024

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Vahagn Vardanian

Input and output validation of some Web Dynpro applications, SAP security note 1277948

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#CSS#XSS#cross-site-scripting#cross-site-request-forgery

Explore More

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

SAP Security Patch Day – December 2024

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Special offer for SAP Security Udemy course!

$ 9.99

#CSS
#XSS
#cross-site-scripting
#cross-site-request-forgery