Skip links

Whitelist based Clickjacking Framing Protection in Enterprise Portal, SAP security note 2169722

Description

Enterprise Portal does not protect its applications against Clickjacking attacks.

Available fix and Supported packages

  • EPBC2 | 7.00 | 7.02
  • EP-BASIS | 7.10 | 7.11
  • EP-BASIS | 7.20 | 7.20
  • EP-BASIS | 7.30 | 7.30
  • EP-BASIS | 7.31 | 7.31
  • EP-BASIS | 7.40 | 7.40
  • EP-BASIS | 7.50 | 7.50
  • EP-RUNTIME | 7.10 | 7.11
  • EP-RUNTIME | 7.20 | 7.20
  • EP-RUNTIME | 7.30 | 7.30
  • EP-RUNTIME | 7.31 | 7.31
  • EP-RUNTIME | 7.40 | 7.40
  • EP-RUNTIME | 7.50 | 7.50
  • EPBC | 7.00 | 7.02
  • EP RUNTIME 7.11 | SP016 | 000000
  • EP RUNTIME 7.20 | SP009 | 000013
  • EP RUNTIME 7.30 | SP015 | 000000
  • EP RUNTIME 7.31 | SP018 | 000000
  • EP RUNTIME 7.40 | SP013 | 000000
  • EP RUNTIME 7.50 | SP000 | 000000
  • EP RUNTIME 7.50 | SP001 | 000000
  • PORTAL BASIS 7.10 | SP021 | 000000
  • PORTAL BASIS 7.11 | SP016 | 000000
  • PORTAL BASIS 7.20 | SP009 | 000021
  • PORTAL BASIS 7.30 | SP015 | 000000
  • PORTAL BASIS 7.31 | SP018 | 000000
  • PORTAL BASIS 7.40 | SP013 | 000000
  • PORTAL BASIS 7.50 | SP000 | 000000
  • PORTAL BASIS 7.50 | SP001 | 000000
  • PORTAL CORE SERVICES 7.00 | SP033 | 000001
  • PORTAL CORE SERVICES 7.00 | SP034 | 000000
  • PORTAL CORE SERVICES 7.01 | SP018 | 000001
  • PORTAL CORE SERVICES 7.01 | SP019 | 000000
  • PORTAL CORE SERVICES 7.02 | SP018 | 000001

Affected component

    EP-PIN-AI
    Application Integration

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2169722

TAGS

#UI-redressing-attack
#Clickjacking
#Framing-Protection
#Framing
#IFrame
#UI-Redressing
#Clickjacking-Whitelist
#X-FRAME-OPTIONS
#Enterprise-Portal

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies