PT-2018-15582 · Sap · Sap Data Services

Publicado

2018-10-09

Atualizado

2018-11-23

CVE-2018-2466

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions SAP Data Services version 4.2

Description The management console in SAP Data Services does not sufficiently validate user-controlled inputs, resulting in a Cross-Site Scripting (XSS) issue.

Recommendations For version 4.2, consider implementing additional input validation mechanisms to prevent Cross-Site Scripting attacks. As a temporary workaround, restrict access to the management console to minimize the risk of exploitation.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-2466

Produtos afetados

Sap Data Services

PT-2018-15582 · Sap · Sap Data Services

CVE-2018-2466

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5