PT-2017-3751 · Sap · Sap Business Warehouse Universal Data Integration

Aleksandr Shvetsov +2 · Published 2017-03-16 · Updated 2017-12-21 · CVE-2017-16685

CVSS v2.0: 6.1 (Medium)

Vector: AV:N/AC:H/Au:N/C:C/I:P/A:N

Name of the Vulnerable Software and Affected Versions: SAP Business Warehouse Universal Data Integration versions 7.10 through 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50

Description: The issue is a cross-site scripting (XSS) vulnerability caused by insufficient encoding of user-controlled inputs, which allows a remote attacker to inject arbitrary code. The root cause is incorrect processing of user-provided data.

Recommendations:

For SAP Business Warehouse Universal Data Integration versions 7.10 through 7.11, update to a version that properly encodes user-controlled inputs to prevent XSS attacks.

For SAP Business Warehouse Universal Data Integration version 7.20, ensure proper encoding of user-controlled inputs to mitigate the risk of code injection.

For SAP Business Warehouse Universal Data Integration version 7.30, apply necessary configuration changes to prevent insufficient encoding of user-controlled inputs.

For SAP Business Warehouse Universal Data Integration version 7.31, restrict access to areas where user-controlled inputs are processed to minimize the risk of exploitation.

For SAP Business Warehouse Universal Data Integration version 7.40, consider implementing additional validation for user-provided data to prevent code injection.

For SAP Business Warehouse Universal Data Integration version 7.50, apply a fix that correctly handles user-controlled inputs to prevent XSS attacks.

Fix

XSS

Weakness Enumeration

Related identifiers

BDU:2019-00306
CVE-2017-16685

Affected products

Sap Business Warehouse Universal Data Integration