SAP NetWeaver J2EE Engine Cross-site Scripting Vulnerability
Data de publicação: 31 maio 2016
Schweregrad: : Crítico
Data do informe: 31 maio 2016
Descrição
An attacker can ask victims to visit a malicious site with special content, where external SWF and resourceModuleURLs attributes can force the vulnerable SWF of SAP NetWeaver Portal 7.4 to execute a query in the victim's context and send private data to the attacker. The attacker can exploit XSS and steal user authentication information.
Exposição das informações
Apply associated Trend Micro DPI Rules.
Solução
Trend Micro Deep Security DPI Rule Number: 1000552