Описание
he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim�s browser, with no effect on availability of the application
Ссылки
- Permissions Required
- Not Applicable
Уязвимые конфигурации
EPSS
6.1 Medium
CVSS3
Дефекты
Связанные уязвимости
he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim�s browser, with no effect on availability of the application
Уязвимость компонента Live Auction Cockpit приложения для автоматизации закупки услуг SAP Supplier Relationship Management, позволяющая нарушителю проводить межсайтовые сценарные атаки
EPSS
6.1 Medium
CVSS3