SAP ME MFG 5.2 is vulnerable to XSRF attacks., SAP security note 1536474

Description

An un-authorized user can trigger functionality in SAP ME MFG
5.2 on behalf of an unsuspecting authorized user by fooling the unsuspecting user to trigger a URL callback via a script or special HTML element parameter.

Available fix and Supported packages

VISIPRISEMFG | 520 | 520

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1536474

Arpine Maghakyan

SAP ME MFG 5.2 is vulnerable to XSRF attacks., SAP security note 1536474

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Cross-Site-Request-Forgery
#CSRF
#XSRF
#SAP-ME-MFG-5.2

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

Arpine Maghakyan

SAP ME MFG 5.2 is vulnerable to XSRF attacks., SAP security note 1536474

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Cross-Site-Request-Forgery#CSRF#XSRF#SAP-ME-MFG-5.2

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

#Cross-Site-Request-Forgery
#CSRF
#XSRF
#SAP-ME-MFG-5.2