PT-2019-4570 · Sap · Sap Manufacturing Integration/Intelligence

Publicado

2019-02-15

Atualizado

2019-03-12

CVE-2019-0267

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SAP Manufacturing Integration and Intelligence versions 15.0 through 15.2

Description The issue is related to the lack of Anti-XSRF tokens in the Illuminator Servlet, which could lead to cross-site request forgery (XSRF) attacks if data is posted to the Servlet from an external application. This might allow a remote attacker to gain access to the vulnerable application.

Recommendations For versions 15.0 through 15.2, consider implementing Anti-XSRF tokens in the Illuminator Servlet to prevent XSRF attacks. As a temporary workaround, restrict access to the Illuminator Servlet to minimize the risk of exploitation.

Correção

CSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-352

Identificadores relacionados

BDU:2020-00630

CVE-2019-0267

Produtos afetados

Sap Manufacturing Integration/Intelligence

PT-2019-4570 · Sap · Sap Manufacturing Integration/Intelligence

CVE-2019-0267

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7