SAP NetWeaver J2EE Engine Cross-site Scripting Vulnerability
Publish Date: 31 maggio 2016
Gravità: : Critico
Data notifica: 31 maggio 2016
Descrizione
An attacker can ask victims to visit a malicious site with special content, where external SWF and resourceModuleURLs attributes can force the vulnerable SWF of SAP NetWeaver Portal 7.4 to execute a query in the victim's context and send private data to the attacker. The attacker can exploit XSS and steal user authentication information.
Informazioni esposizione:
Apply associated Trend Micro DPI Rules.
Soluzioni
Trend Micro Deep Security DPI Rule Number: 1000552