Description
Campaign application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection
Some well-known impacts of CSRF vulnerability are –
- Attacker could take actions on behalf of an authenticated user
- Loss of non-repudiation
Available fix and Supported packages
- SAP_CUAN | 150 | 150
- SAP_CUAN | 160 | 160
- UICUAN | 150 | 150
- UICUAN | 160 | 160
- SAP_CUAN 150 | SAPK-15001INSAPCUAN |
- SAP_CUAN 160 | SAPK-16001INSAPCUAN |
- UICUAN 150 | SAPK-15001INUICUAN |
- UICUAN 160 | SAPK-16001INUICUAN |
Affected component
- CEC-MKT-CPG-UI
Campaign UI
CVSS
Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/2955963