Description
When you start a service, the message “Security exploit” appears. In the trace, you can then find entries such as:
- illegal host in ~designbaseurl=…….
- WorkXSSFilter: possible xss exploit
Available fix and Supported packages
- BC-FES-ITS | 620 | 630
- SAP_BASIS | 640 | 640
- SAP_BASIS | 700 | 701
- SAP_BASIS | 710 | 710
- SAP BASIS 7.01 | SP000 | 000000
- SAP KERNEL 6.40 32-BIT | SP223 | 000223
- SAP KERNEL 6.40 32-BIT UNICODE | SP223 | 000223
- SAP KERNEL 6.40 64-BIT | SP223 | 000223
- SAP KERNEL 6.40 64-BIT UNICODE | SP223 | 000223
- SAP KERNEL 7.10 32-BIT | SP092 | 000092
- SAP KERNEL 7.10 32-BIT UNICODE | SP092 | 000092
- SAP KERNEL 7.10 64-BIT | SP092 | 000092
- SAP KERNEL 7.10 64-BIT UNICODE | SP092 | 000092
Affected component
- BC-FES-ITS (SAP Internet Transaction Server)
CVSS
Score: 0
PoC
Detailed vulnerability information has been added to the RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/889454