SAP NetWeaver J2EE Engine Cross-site Scripting Vulnerability
Publish Date: 31 May 2016
Severity: Critical
Advisory Date: 31 May 2016
Description
An attacker can get victims to visit a malicious site with specially crafted content, where external SWF and resourceModuleURLs attributes can force the vulnerable SWF of SAP NetWeaver Portal 7.4 to execute a query in the victim's context and send private data to the attacker. The attacker can exploit the XSS to steal user authentication information.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000552