Update #1 to Security Note 866020, SAP security note 1601461

Description

User inputs in Internet applications should not execute through conversion in a web application.
The security note 866020 describes the SAP provided encoding methods to encode user input.

Following the latest OWASP recommendations and to avoid incompatible changes SAP has created a new version of web encodings methods. This note is an update note to security note 866020.

Available fix and Supported packages

SAP_BASIS | 620 | 640
SAP_BASIS | 700 | 702
SAP_BASIS | 710 | 730
SAP_BASIS | 731 | 731

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1601461

Vahagn Vardanian

Update #1 to Security Note 866020, SAP security note 1601461

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#HTML-Encode
#HTML-Decode
#URL-Decode
#URL-Encode
#URL
#JavaScript
#CSS
#OWASP
#XSS-encode
#XSS-protection

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Vahagn Vardanian

Update #1 to Security Note 866020, SAP security note 1601461

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#HTML-Encode#HTML-Decode#URL-Decode#URL-Encode#URL#JavaScript#CSS#OWASP#XSS-encode#XSS-protection

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Special offer for SAP Security Udemy course!

$ 9.99

#HTML-Encode
#HTML-Decode
#URL-Decode
#URL-Encode
#URL
#JavaScript
#CSS
#OWASP
#XSS-encode
#XSS-protection