Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

July 12, 2016
12:00 am

Whitelist based Clickjacking Framing Protection in HTMLB Java, SAP security note 2263656

Description

HTMLB does not protect its applications against Clickjacking attacks.

Available fix and Supported packages

EPBC2 | 7.00 | 7.02
LM-TOOLS | 7.00 | 7.02
SAP_JTECHS | 7.00 | 7.02
EP-BASIS | 7.10 | 7.11
EP-BASIS | 7.30 | 7.30
EP-BASIS | 7.31 | 7.31
EP-BASIS | 7.40 | 7.40
EP-BASIS | 7.50 | 7.50
LMNWAUIFRMRK | 7.10 | 7.11
LMNWAUIFRMRK | 7.30 | 7.30
LMNWAUIFRMRK | 7.31 | 7.31
LMNWAUIFRMRK | 7.40 | 7.40
LMNWAUIFRMRK | 7.50 | 7.50
FRAMEWORK-EXT | 7.30 | 7.30
FRAMEWORK-EXT | 7.31 | 7.31
FRAMEWORK-EXT | 7.40 | 7.40
FRAMEWORK-EXT | 7.50 | 7.50
FRAMEWORK | 7.10 | 7.11
FRAMEWORK EXTENSIONS 7.30 | SP014 | 000006
FRAMEWORK EXTENSIONS 7.30 | SP015 | 000002
FRAMEWORK EXTENSIONS 7.30 | SP016 | 000000
FRAMEWORK EXTENSIONS 7.30 | SP017 | 000000
FRAMEWORK EXTENSIONS 7.31 | SP017 | 000008
FRAMEWORK EXTENSIONS 7.31 | SP018 | 000002
FRAMEWORK EXTENSIONS 7.31 | SP019 | 000000
FRAMEWORK EXTENSIONS 7.40 | SP012 | 000008
FRAMEWORK EXTENSIONS 7.40 | SP013 | 000002
FRAMEWORK EXTENSIONS 7.40 | SP014 | 000000
FRAMEWORK EXTENSIONS 7.50 | SP002 | 000003
FRAMEWORK EXTENSIONS 7.50 | SP003 | 000002
FRAMEWORK EXTENSIONS 7.50 | SP004 | 000000
FRAMEWORK EXTENSIONS 7.50 | SP005 | 000000
JAVA FRAMEWORK OFFLINE 7.10 | SP020 | 000007
JAVA FRAMEWORK OFFLINE 7.10 | SP021 | 000000
JAVA FRAMEWORK OFFLINE 7.10 | SP022 | 000000
JAVA FRAMEWORK OFFLINE 7.11 | SP016 | 000000
JAVA FRAMEWORK OFFLINE 7.11 | SP017 | 000000
JAVA FRAMEWORK OFFLINE 7.20 | SP009 | 000020

Affected component

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2263656

TAGS

#UI-redressing-attack
#Clickjacking
#Framing-Protection
#Framing
#IFrame
#UI-Redressing
#Clickjacking-Whitelist
#X-FRAME-OPTIONS
#HTMLB

More to explorer

SAP Security Patch Day RedRays

SAP Security Patch Day – April 2024

April 9, 2024

On April 9, 2024, SAP took a significant step towards enhancing the security of its software components by releasing a series of

SAP Security Patch Day RedRays

SAP Security Patch Day – March 2024

March 12, 2024

On March 12, 2024, SAP took a significant step towards enhancing the security of its software components by releasing a series of

SAP Cloud Connector Certificate Validation Issue

February 13, 2024

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,

Critical XSS Vulnerability Identified in SAP NetWeaver AS Java

February 13, 2024

Date of Release: February 13, 2024 Advisory ID: CVE-2024-22126 Affected Software: SAP NetWeaver Application Server for Java (AS Java) User Admin Application