Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

scripts in file executes when an attachment is opened, SAP security note 1536249

Description

When a text file containing script is attached to a Shopping cart in SRM, on opening  the attachment, the script in the file gets automatically executed in Internet Explorer.

Available fix and Supported packages

  • SRM_SERVER | 500 | 500
  • SRM_SERVER | 550 | 550
  • SRM_SERVER 500 | SAPKIBKS17 |
  • SRM_SERVER 550 | SAPKIBKT18 |

Affected component

    SRM-EBP-CA-ATT
    Attachments

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1536249

TAGS

#Attachments
#Internet-explorer
#EnterpriseBuyer-professional-edition
#SRM_SERVER
#CL_HTTP_BBP_DOCSERVER
#SEND_ATT
#

More to explorer