SAP NetWeaver J2EE Engine Cross-site Scripting Vulnerability
Publish Date: 31 Mai 2016
Schweregrad:: Kritisch
Hinweisdatum: 31 Mai 2016
Beschreibung
An attacker can ask victims to visit a malicious site with special content, where external SWF and resourceModuleURLs attributes can force the vulnerable SWF of SAP NetWeaver Portal 7.4 to execute a query in the victim's context and send private data to the attacker. The attacker can exploit XSS and steal user authentication information.
Trend Micro Lösungen
Apply associated Trend Micro DPI Rules.
Lösungen
Trend Micro Deep Security DPI Rule Number: 1000552