SAP針對Web Dispatcher修補高風險XSS漏洞
支付動態 · 2024-11-13

本週二SAP發布11月例行更新,其中出現於應用程式負載平衡系統Web Dispatcher的高風險漏洞CVE-2024-47590,相當值得注意,攻擊者有機會藉此執行任意程式碼,影響機密性、完整性、可用性

11月SAP發布8個資安公告,並更新其中2個已公開的漏洞資訊,其中最受到注意的部分,是CVSS風險評分最高的CVE-2024-47590,影響的產品是應用程式負載平衡系統Web Dispatcher,屬於跨網站指令碼(XSS)弱點,危險程度為8.8分。

針對這項漏洞帶來的危險,SAP指出未經身分驗證的攻擊者能製作能公開存取的惡意連結,一旦有通過身分驗證的使用者點選,網頁便會在使用者的瀏覽器以輸入資料產生內容,進行跨網站指令碼攻擊,或是將這些資料傳送到其他伺服器,進行伺服器請求偽造(SSRF)攻擊,導致攻擊者能夠執行任意程式碼,從而影響伺服器的機密性、完整性、可用性。

針對這項漏洞,資安業者Onapsis提出進一步說明,指出該漏洞僅影響啟用管理介面的Web Dispatcher。若是IT人員無法及時套用更新程式,SAP也提供臨時的緩解措施,包括透過刪除特定檔案或設定檔組態來停用管理介面,或是刪除所有使用者的管理權限來因應。

熱門文章
PropellerAds Shared a New iGaming Case Study: 97,674 Installs and 12,701 Deposits in 3 Months
Marketing
GAT CDMX 2025 Institutional Academy: Leaders and Experts Analyze the Present and Future of the Gaming Industry in Mexico and Lat
Sports Game
Zenith partners with HUIDU for 2026 World Cup Carnival Official Tour
Online Game
1spin4win releases unique slot Don Catleone Hold and Win featuring gangster cats
Online Game
Kazakhstan plans to penalise online casino promotions
Regulation
Institutional Academy that exceeded expectations marked the opening of GAT CDMX
Online Game
Indiana online casino bill stalls in House committee
Regulation
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Manila delivers: Highlights from SiGMA Asia 2026 
Southeast Asia
JILI Partners with Cricket Legend AB de Villiers (ABD) to Launch Exclusive Branded Game Series 100% 11
Sports Game
British gambling levy rates confirmed for each vertical
Regulation
GAT Expo CDMX 2026 Kicks Off Today in Mexico with a Sold-Out Opening Reception at Big Bola Casino Santa Fe
Marketing
首頁
遊戲
合作
發現
我的