Clickjacking vulnerability in Cloud Integration Content of SAP Process Integration, SAP security note 2835240

Description

Cloud Integration Content of SAP Process Integration does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability.

Successful exploitation of this vulnerability leads to unwanted modification of user’s data.

Available fix and Supported packages

SAP_XIIGW_APPL | 7.50 | 7.50
XI GATEWAY APPLICATIONS 7.50 | SP014 | 000009
XI GATEWAY APPLICATIONS 7.50 | SP015 | 000006
XI GATEWAY APPLICATIONS 7.50 | SP016 | 000002
XI GATEWAY APPLICATIONS 7.50 | SP017 | 000000

Affected component

CVSS

Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2835240

Arpine Maghakyan

Clickjacking vulnerability in Cloud Integration Content of SAP Process Integration, SAP security note 2835240

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#UI-redressing-attack
#&160-SAP-Process-Orchestration

More to explorer

SAP Security Patch Day – April 2024

SAP Security Patch Day – March 2024

SAP Cloud Connector Certificate Validation Issue

Critical XSS Vulnerability Identified in SAP NetWeaver AS Java

Arpine Maghakyan

Clickjacking vulnerability in Cloud Integration Content of SAP Process Integration, SAP security note 2835240

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#UI-redressing-attack#&160-SAP-Process-Orchestration

More to explorer

SAP Security Patch Day – April 2024

SAP Security Patch Day – March 2024

SAP Cloud Connector Certificate Validation Issue

Critical XSS Vulnerability Identified in SAP NetWeaver AS Java

#UI-redressing-attack
#&160-SAP-Process-Orchestration