Description
Cross-site scripting (XSS) problems might exist in the CMS (Change Management Service) of NWDI (NetWeaver Development Infrastructure).
The CMS (Change Management Service) of NWDI (NetWeaver Development Infrastructure) can be abused by a malicious user, allowing them to modify application content, persist the modified content, and potentially obtain authentication information from other legitimate users.
Available fix and Supported packages
- DI_CMS | 7.00 | 7.02
- DI_CMS | 7.10 | 7.11
- DI_CMS | 7.20 | 7.20
- DI_CMS | 7.30 | 7.30
- DI_CMS | 7.31 | 7.31
- SAP_DEVINF | 6.40 | 6.40
- DI CHANGE MGMT. SERVER 7.01 | SP007 | 000002
- DI CHANGE MGMT. SERVER 7.01 | SP008 | 000001
- DI CHANGE MGMT. SERVER 7.01 | SP009 | 000001
- DI CHANGE MGMT. SERVER 7.01 | SP010 | 000001
- DI CHANGE MGMT. SERVER 7.01 | SP011 | 000000
- DI CHANGE MGMT. SERVER 7.02 | SP004 | 000002
- DI CHANGE MGMT. SERVER 7.02 | SP005 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP006 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP007 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP008 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP009 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP010 | 000000
- DI CHANGE MGMT. SERVER 7.00 | SP022 | 000003
- DI CHANGE MGMT. SERVER 7.00 | SP023 | 000001
- DI CHANGE MGMT. SERVER 7.00 | SP024 | 000002
- DI CHANGE MGMT. SERVER 7.00 | SP025 | 000001
- DI CHANGE MGMT. SERVER 7.00 | SP026 | 000000
- DI CHANGE MGMT. SERVER 7.10 | SP014 | 000000
- DI CHANGE MGMT. SERVER 7.11 | SP005 | 000002
- DI CHANGE MGMT. SERVER 7.11 | SP006 | 000001
Affected component
- BC-CTS-CMS (Change Management Service)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1617221