Skip links

Cross-Site Request Forgery (CSRF) in SAP Marketing, SAP security note 2955963

Description

Campaign application allows an attacker to trick an authenticated user to send unintended request to the web server. This vulnerability is due to insufficient CSRF protection

Some well-known impacts of CSRF vulnerability are –

  • Attacker could take actions on behalf of an authenticated user
  • Loss of non-repudiation

Available fix and Supported packages

  • SAP_CUAN | 150 | 150
  • SAP_CUAN | 160 | 160
  • UICUAN | 150 | 150
  • UICUAN | 160 | 160
  • SAP_CUAN 150 | SAPK-15001INSAPCUAN |
  • SAP_CUAN 160 | SAPK-16001INSAPCUAN |
  • UICUAN 150 | SAPK-15001INUICUAN |
  • UICUAN 160 | SAPK-16001INUICUAN |

Affected component

    CEC-MKT-CPG-UI
    Campaign UI

CVSS

Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2955963

TAGS

#Open-redirect
#cross-site-redirect
#cross-domain-redirect
#XSRF
#session-riding