Skip links
RedRays - Your SAP Security Solution
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

XSS attacks via ~designbaseurl, SAP security note 889454

Description

When you start a service, the message “Security exploit” appears. In the trace, you can then find entries such as:

illegal host in ~designbaseurl=…….
WorkXSSFilter: possible xss exploit

Available fix and Supported packages

  • BC-FES-ITS | 620 | 630
  • SAP_BASIS | 640 | 640
  • SAP_BASIS | 700 | 701
  • SAP_BASIS | 710 | 710
  • SAP BASIS 7.01 | SP000 | 000000
  • SAP KERNEL 6.40 32-BIT | SP223 | 000223
  • SAP KERNEL 6.40 32-BIT UNICODE | SP223 | 000223
  • SAP KERNEL 6.40 64-BIT | SP223 | 000223
  • SAP KERNEL 6.40 64-BIT UNICODE | SP223 | 000223
  • SAP KERNEL 7.10 32-BIT | SP092 | 000092
  • SAP KERNEL 7.10 32-BIT UNICODE | SP092 | 000092
  • SAP KERNEL 7.10 64-BIT | SP092 | 000092
  • SAP KERNEL 7.10 64-BIT UNICODE | SP092 | 000092

Affected component

    BC-FES-ITS
    SAP Internet Transaction Server

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/889454

TAGS

#ITS
#XSS
#CSS
#cross-site-scripting
#security-exploit

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN