Description
Insufficient HTML escaping could be used by a malicious user to modify displayed application content without authorization and potentially obtain authentication information from other legitimate users.
Available fix and Supported packages
- KRNL32NUC | 6.40 | 6.40EX2
- KRNL32NUC | 7.00 | 7.01
- KRNL32UC | 6.40 | 6.40EX2
- KRNL32UC | 7.00 | 7.01
- KRNL64NUC | 6.40 | 6.40EX2
- KRNL64NUC | 7.00 | 7.01
- KRNL64UC | 6.40 | 6.40EX2
- KRNL64UC | 7.00 | 7.01
- KERNEL | 6.40 | 6.40
- KERNEL | 7.00 | 7.01
- SAP KERNEL 6.40 32-BIT | SP345 | 000345
- SAP KERNEL 6.40 32-BIT UNICODE | SP345 | 000345
- SAP KERNEL 6.40 64-BIT | SP345 | 000345
- SAP KERNEL 6.40 64-BIT UNICODE | SP345 | 000345
- SAP KERNEL 6.40_EX2 32-BIT | SP345 | 000345
- SAP KERNEL 6.40_EX2 32-BIT UC | SP345 | 000345
- SAP KERNEL 6.40_EX2 64-BIT | SP345 | 000345
- SAP KERNEL 6.40_EX2 64-BIT UC | SP345 | 000345
- SAP KERNEL 7.00 32-BIT | SP270 | 000270
- SAP KERNEL 7.00 32-BIT UNICODE | SP270 | 000270
- SAP KERNEL 7.00 64-BIT | SP270 | 000270
- SAP KERNEL 7.00 64-BIT UNICODE | SP270 | 000270
- SAP KERNEL 7.01 32-BIT | SP109 | 000109
- SAP KERNEL 7.01 32-BIT UNICODE | SP109 | 000109
- SAP KERNEL 7.01 64-BIT | SP109 | 000109
- SAP KERNEL 7.01 64-BIT UNICODE | SP109 | 000109
Affected component
- BC-CST-IC (Internet Communication Manager)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1502781