Description
Certain types of attachments to BPM tasks and processes are recognized by the browser and automatically executed upon download, e.g. javascript files. This creates a potential risk of executing malicious active content. Since BPM as a platform is not intended for use with open user goups (i.e. anonymous users) the risk is rated low.
Available fix and Supported packages
- BPEM-WDUI | 7.11 | 7.11
Affected component
- BC-BMT-BPM-DSK
Process Desk
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/1433736