Описание
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Vendor Advisory
- Exploit
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:sap_web_application_server:6.10:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_web_application_server:6.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_web_application_server:6.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_web_application_server:7.0:*:*:*:*:*:*:*
EPSS
Процентиль: 82%
0.01653
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter.
EPSS
Процентиль: 82%
0.01653
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other