SAP Knowledge Base Article - Preview

2588281 - Vendavo application Security Vulnerability

Symptom

The Vendavo application could be vulnerable to stored cross-site scripting (XSS) attacks that can be exploited by an authenticated user.

Affected Parameter: callback

Vendavo are aware of the issue and have created JIRA VEN-44117.



Environment

Vendavo Product Version
SAP Price and Margin Management < 8.3.0

Product

SAP Price and Margin Management 5.2 by Vendavo; SAP Price and Margin Management 5.3 by Vendavo; SAP Price and Margin Management 6.0 by Vendavo; SAP Price and Margin Management 6.5 by Vendavo for SAP NetWeaver 2004; SAP Price and Margin Management 6.5 by Vendavo for SAP NetWeaver 7.0; SAP Price and Margin Management 6.5.1 by Vendavo for SAP NetWeaver 2004; SAP Price and Margin Management 6.5.1 by Vendavo for SAP NetWeaver 2004s; SAP Price and Margin Management 6.7 by Vendavo; SAP Price and Margin Management 7.0 by Vendavo; SAP Price and Margin Management 7.1 by Vendavo; SAP Price and Margin Management 7.5 by Vendavo; SAP Price and Margin Management 7.6 by Vendavo; SAP Price and Margin Management 8.0 by Vendavo; SAP Price and Margin Management 8.1 by Vendavo; SAP Price and Margin Management 8.2 by Vendavo

Keywords

Vendavo, scripting, vulnerability, cross script, scripting, XSS, malicious, browser, HTML, cookies, session tokens, sensitive, KBA, XX-PART-PMM, Vendavo Price + Margin Mgmt., Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).
