Description
The HTML Business for Java could be abused by a malicious user, who could modify application content, persist the modified content without authorization, and potentially obtain authentication information from other legitimate users.
Available fix and Supported packages
- EPBC2 | 7.00 | 7.02
- EPBC2 | 7.10 | 7.10
- EPBASIS | 7.10 | 7.10
- EP-CM | 6.0_640 | 6.0_640
- SAP_JTECHS | 7.00 | 7.02
- EP-BASIS | 7.30 | 7.30
- NWCEIDE | 7.10 | 7.10
- NWCEIDE | 7.11 | 7.11
- NWCEIDE | 7.20 | 7.20
- NWCEIDE | 7.30 | 7.30
- FRAMEWORK-EXT | 7.30 | 7.30
- FRAMEWORK | 7.10 | 7.11
- FRAMEWORK | 7.20 | 7.20
- FRAMEWORK | 7.30 | 7.30
- CM+COLLABORATION 6.0_640 | SP025 | 000003
- CM+COLLABORATION 6.0_640 | SP026 | 000002
- CM+COLLABORATION 6.0_640 | SP027 | 000000
- FRAMEWORK EXTENSIONS 7.30 | SP000 | 000000
- JAVA FRAMEWORK OFFLINE 7.10 | SP007 | 000013
- JAVA FRAMEWORK OFFLINE 7.10 | SP008 | 000006
- JAVA FRAMEWORK OFFLINE 7.10 | SP009 | 000002
- JAVA FRAMEWORK OFFLINE 7.10 | SP010 | 000001
- JAVA FRAMEWORK OFFLINE 7.10 | SP011 | 000000
- JAVA FRAMEWORK OFFLINE 7.11 | SP003 | 000014
- JAVA FRAMEWORK OFFLINE 7.11 | SP004 | 000007
- JAVA FRAMEWORK OFFLINE 7.11 | SP005 | 000001
- JAVA FRAMEWORK OFFLINE 7.11 | SP006 | 000000
- JAVA FRAMEWORK OFFLINE 7.20 | SP002 | 000005
- JAVA FRAMEWORK OFFLINE 7.20 | SP003 | 000001
- JAVA FRAMEWORK OFFLINE 7.20 | SP004 | 000000
- NW CE DEVELOPER STUDIO 7.10 | SP007 | 000006
- NW CE DEVELOPER STUDIO 7.10 | SP008 | 000004
- NW CE DEVELOPER STUDIO 7.10 | SP009 | 000003
- NW CE DEVELOPER STUDIO 7.10 | SP010 | 000001
Affected component
- EP-PDK-HBJ
HTMLB Business for Java
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1462328
