Skip links

Adobe SDK XSS vulnerability – Flex, SAP security note 2393021

Description

The binaries of wd.flex project consumed in developing flex applications are shown to be vulnerable. The vulnerability can be detected via dowloading the Adobe tool from the below link.

https://helpx.adobe.com/flash-builder/kb/flex-security-issue-apsb11-25.html#main_main_solution

The adobe tool has also been attached in this note.

Available fix and Supported packages

  • WD-FLEX | 7.20 | 7.20
  • WD-FLEX | 7.30 | 7.30
  • WD-FLEX | 7.31 | 7.31
  • WD-FLEX | 7.40 | 7.40
  • WD-FLEX | 7.50 | 7.50
  • WEB DYNPRO FLEX CLIENT 7.20 | SP009 | 000001
  • WEB DYNPRO FLEX CLIENT 7.30 | SP016 | 000001
  • WEB DYNPRO FLEX CLIENT 7.30 | SP017 | 000000
  • WEB DYNPRO FLEX CLIENT 7.31 | SP019 | 000001
  • WEB DYNPRO FLEX CLIENT 7.31 | SP020 | 000000
  • WEB DYNPRO FLEX CLIENT 7.40 | SP014 | 000001
  • WEB DYNPRO FLEX CLIENT 7.40 | SP015 | 000000
  • WEB DYNPRO FLEX CLIENT 7.50 | SP005 | 000001
  • WEB DYNPRO FLEX CLIENT 7.50 | SP006 | 000001
  • WEB DYNPRO FLEX CLIENT 7.50 | SP007 | 000000

Affected component

    BC-WD-CLT-FLX
    Flex

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2393021

TAGS

#Web-dynpro-flex
#Web-dynpro-java
#Flash-Islands
#Flex-application