Описание
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.
Ссылки
- Third Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Third Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
Связанные уязвимости
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.
Уязвимость платформы интеграции сценариев производственных операций SAP Manufacturing Integration and Intelligence, связанная с подделкой межсайтовых запросов, позволяющая нарушителю получить доступ к уязвимому приложению
EPSS
8.8 High
CVSS3
6.8 Medium
CVSS2