SAP NetWeaver AS for ABAP and ABAP Platform Open Redirect Vulnerability (CVE-2023-23860)

Release date: 2023-02-13
Updated: 2023-04-21

Affected systems:
SAP SAP NetWeaver AS for ABAP and ABAP Platform 790
SAP SAP NetWeaver AS for ABAP and ABAP Platform 789
SAP SAP NetWeaver AS for ABAP and ABAP Platform 757
SAP SAP NetWeaver AS for ABAP and ABAP Platform 756
SAP SAP NetWeaver AS for ABAP and ABAP Platform 755
SAP SAP NetWeaver AS for ABAP and ABAP Platform 754
SAP SAP NetWeaver AS for ABAP and ABAP Platform 753
SAP SAP NetWeaver AS for ABAP and ABAP Platform 752
SAP SAP NetWeaver AS for ABAP and ABAP Platform 751
SAP SAP NetWeaver AS for ABAP and ABAP Platform 750
SAP SAP NetWeaver AS for ABAP and ABAP Platform 740
Description:
CVE(CAN) ID: CVE-2023-23860

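SAP NetWeaver AS is a network application server from the German company SAP. It provides network services and is also the base platform for SAP software.
Versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789 and 790 of SAP NetWeaver AS for ABAP and ABAP Platform contain a cross-site scripting vulnerability. An unauthenticated attacker can exploit it by crafting a link that redirects users to a malicious site, allowing sensitive information to be read and modified or exposing users to phishing attacks.

<*Link: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
*>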

Recommendation:
Vendor patch:

SAP
---
SAP has released a security advisory (2023-01-10) and corresponding patches for this issue:
2023-01-10: SAP Security Patch Day – April 2023
Link: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

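This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.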