Skip links
RedRays
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Whitelist based Clickjacking Framing Protection in Web Dynpro ABAP, SAP security note 1872800

Description

Web Dynpro ABAP does not protect its applications against Clickjacking attacks.

Available fix and Supported packages

  • SAP_UI | 740 | 740
  • SAP_UI | 750 | 750
  • SAP_BASIS | 701 | 702
  • SAP_BASIS | 710 | 711
  • SAP_BASIS | 730 | 730
  • SAP_BASIS | 731 | 731
  • SAP_UI 740 | SAPK-74013INSAPUI |
  • SAP_UI 740 | SAPK-74014INSAPUI |
  • SAP_UI 740 | SAPK-74015INSAPUI |
  • SAP_UI 750 | SAPK-75002INSAPUI |
  • SAP_BASIS 700 | SAPKB70033 |
  • SAP_BASIS 730 | SAPKB73014 |
  • SAP_BASIS 731 | SAPKB73117 |
  • SAP_BASIS 731 | SAPKB73118 |
  • SAP_BASIS 700 | SAPKB70034 |

Affected component

    BC-WD-ABA
    Web Dynpro ABAP

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1872800

TAGS

#UI-redressing-attack
#Clickjacking
#Framing-Protection
#Framing
#IFrame
#UI-Redressing
#Clickjacking-Whitelist
#X-FRAME-OPTIONS
#WDA

More to explorer