SAP NetWeaver J2EE Engine Cross-site Scripting Vulnerability
Publish Date: 31 de maja de 2016
Severity: : Critical
Advisory Date: 31 de maja de 2016
DESCRIPTION
An attacker can ask victims to visit a malicious site with special content, where external SWF and resourceModuleURLs attributes can force the vulnerable SWF of SAP NetWeaver Portal 7.4 to execute a query in the victim's context and send private data to the attacker. The attacker can exploit XSS and steal user authentication information.
INFORMATION EXPOSURE
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552