Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Encryption of the ‘state’ field of JSF Pages, SAP security note 1485551

Description

You are developing a JavaServer Faces application and you need to store session state information on the client-side.

Available fix and Supported packages

  • SAP_BASIS | 640 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 720

Affected component

    BC-JAS-SEC
    Security, User Management

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]drays.io.

URL

https://launchpad.support.sap.com/#/notes/1485551

TAGS

#JavaServer-Faces
#JSF
#session-state

More to explorer