SAP NetWeaver J2EE Engine Cross-site Scripting Vulnerability
Publish date: 31 de mayo de 2016
Gravedad: Crítico
Fecha recomendada: 31 de mayo de 2016
Descripción
An attacker can ask victims to visit a malicious site with special content, where external SWF and resourceModuleURLs attributes can force the vulnerable SWF of SAP NetWeaver Portal 7.4 to execute a query in the victim's context and send private data to the attacker. The attacker can exploit XSS and steal user authentication information.
Revelación de la información
Apply associated Trend Micro DPI Rules.
Soluciones
Trend Micro Deep Security DPI Rule Number: 1000552