Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Security note, input-output validation in APO CLP, SAP security note 914920

Description

All Web servers that receive input parameters through HTTP requests, and then generate dynamic HTML pages and send the generated content as an answer to the client, are potentially subject to “Cross Site Scripting’ attacks.

Available fix and Supported packages

  • SCM | 500 | 500
  • SCM 500 | SAPKY50004 |
  • SCM 400 | SAPKY40022 |
  • SCM 410 | SAPKY41017 |

Affected component

    SCM-APO-CA-COP
    Collaborative Planning

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/914920

TAGS

#Collaborative-planning
#CLP
#CLPSDP
#CLPBID
#CLPPROMCAL
#Cross-Site-Scripting
#XSS

More to explorer