Description
UPDATE 23rd July 2019 : This note has been re-released with updated ‘solution’ infomation. Also CVSS details were added.
Frameworks and Applications on the NetWeaver Java platform require the configuration needed to call the whitelist clickjacking service.
This configuration will allow the application to call the service and validate the configuration for the server.
Available fix and Supported packages
- LM-TOOLS | 7.00 | 7.02
- LMNWAUIFRMRK | 7.10 | 7.11
- LMNWAUIFRMRK | 7.20 | 7.20
- LMNWAUIFRMRK | 7.30 | 7.30
- LMNWAUIFRMRK | 7.31 | 7.31
- LMNWAUIFRMRK | 7.40 | 7.40
- LMNWAUIFRMRK | 7.50 | 7.50
- LIFECYCLE MGMT TOOLS 7.00 | SP033 | 000001
- LIFECYCLE MGMT TOOLS 7.00 | SP034 | 000000
- LIFECYCLE MGMT TOOLS 7.01 | SP018 | 000001
- LIFECYCLE MGMT TOOLS 7.01 | SP019 | 000000
- LIFECYCLE MGMT TOOLS 7.02 | SP018 | 000002
- LIFECYCLE MGMT TOOLS 7.02 | SP019 | 000000
- LM NWA UI FRAMEWORK 7.10 | SP022 | 000000
- LM NWA UI FRAMEWORK 7.11 | SP017 | 000000
- LM NWA UI FRAMEWORK 7.20 | SP009 | 000004
- LM NWA UI FRAMEWORK 7.30 | SP014 | 000002
- LM NWA UI FRAMEWORK 7.30 | SP015 | 000001
- LM NWA UI FRAMEWORK 7.30 | SP016 | 000000
- LM NWA UI FRAMEWORK 7.30 | SP017 | 000000
- LM NWA UI FRAMEWORK 7.31 | SP017 | 000003
- LM NWA UI FRAMEWORK 7.31 | SP018 | 000001
- LM NWA UI FRAMEWORK 7.31 | SP019 | 000000
- LM NWA UI FRAMEWORK 7.40 | SP012 | 000003
- LM NWA UI FRAMEWORK 7.40 | SP013 | 000001
- LM NWA UI FRAMEWORK 7.40 | SP014 | 000000
- LM NWA UI FRAMEWORK 7.50 | SP000 | 000001
Affected component
- BC-WD-JAV
WebDynpro Java
CVSS
Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2286679
