Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Client-Side Desynchronization vulnerability in SAP Fiori Launchpad
Vulnerability Description
SAP Fiori launchpad - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, UI_700 200, SAP_BASIS 793, allows an attacker to use HTTP verb POST on read-only service causing low impact on Confidentiality of the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
SAP Fiori 环境问题漏洞
Vulnerability Description
SAP Fiori是德国思爱普(SAP)公司的一套为SAP应用程序提供用户体验(UX)的设计系统,它为设计人员和开发人员提供了一套工具和指南,能够快速地开发适用于任何平台的应用,为创建者和用户提供一致、创新的体验。 SAP Fiori launchpad存在环境问题漏洞,该漏洞源于允许攻击者在只读服务上使用HTTP谓词POST。受影响的产品和版本:SAP Fiori launchpad SAP_UI 750版本,SAP_UI 754版本,SAP_UI755版本,SAP_uI756版本,SAP-UI758版
CVSS Information
N/A
Vulnerability Type
N/A