SAP NetWeaver J2EE Engine Cross-site Scripting Vulnerability
Severity: CRITICAL
Advisory Date: MAY 31, 2016
DESCRIPTION
An attacker can ask victims to visit a malicious site with special content, where external SWF and resourceModuleURLs attributes can force the vulnerable SWF of SAP NetWeaver Portal 7.4 to execute a query in the victim's context and send private data to the attacker. The attacker can exploit XSS and steal user authentication information.
TREND MICRO PROTECTION INFORMATION
Apply associated Trend Micro DPI Rules.
SOLUTION
Trend Micro Deep Security DPI Rule Number: 1000552