漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Multiple vulnerabilities in SAP Supplier Relationship Management (Live Auction Cockpit)
Vulnerability Description
he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to execute malicious script in the victim�s browser. This vulnerability has low impact on confidentiality and integrity within the scope of that victim�s browser, with no effect on availability of the application
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
SAP Supplier Relationship Management 跨站脚本漏洞
Vulnerability Description
SAP Supplier Relationship Management(SRM)是德国思爱普(SAP)公司的一套供应商关系管理解决方案。该产品实现了企业内以及供应商之间采购和购置流程的自动化,并提供发票开具等功能。 SAP Supplier Relationship Management存在跨站脚本漏洞,该漏洞源于使用废弃Java小程序组件,可能导致执行恶意脚本。
CVSS Information
N/A
Vulnerability Type
N/A