Unauthorized modification of displayed content in IS-Media, SAP security note 1496148

Description

The IS-Media could be abused by a malicious user, who could modify displayed application content without authorization and potentially obtain authentication information from other legitimate users.

Available fix and Supported packages

IS-M | 471 | 471
IS-M | 472 | 472
IS-M | 600 | 600
IS-M | 602 | 602
IS-M | 603 | 603
IS-M | 604 | 604
IS-M | 605 | 605
IS-M 605 | SAPK-60502INISM |
IS-M 471 | SAPKIPPM26 |
IS-M 472 | SAPKIPPN20 |
IS-M 600 | SAPK-60019INISM |
IS-M 602 | SAPK-60209INISM |
IS-M 603 | SAPK-60308INISM |
IS-M 604 | SAPK-60409INISM |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1496148

Vahagn Vardanian

Unauthorized modification of displayed content in IS-Media, SAP security note 1496148

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Reflected-Cross-Site-Scripting
#XSS

Explore More

SAP Security Patch Day – August 2025

SAP Security Training – Why Businesses Can’t Ignore It Anymore

SAP Security Patch Day – July 2025

Registration Open: SAP Security Training – August 2025 | Limited Seats

Vahagn Vardanian

Unauthorized modification of displayed content in IS-Media, SAP security note 1496148

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Reflected-Cross-Site-Scripting#XSS

Explore More

SAP Security Patch Day – August 2025

SAP Security Training – Why Businesses Can’t Ignore It Anymore

SAP Security Patch Day – July 2025

Registration Open: SAP Security Training – August 2025 | Limited Seats

Special offer for SAP Security Udemy course!

$ 9.99

#Reflected-Cross-Site-Scripting
#XSS