Symptom
There are cross-site scripting vulnerabilities in the following URLs:
- http://<server>:<port>/admin/CMC/<UID>/admin/logon.faces
- http://<server>:<port>/BOE/portal/<UID>/PlatformServices/service/app/logon.do
- http://<server>:<port>/admin/CMC/<UID>/PlatformServices/service/app/timeout.do
- http://<server>:<port>/admin/CMC/<UID>/PlatformServices/jsp/Help/helpRedirect.faces
- http://<server>:<port>//admin/CMC/<UID>/admin/App/frameset.jsp
Cause
This is tracked under ADAPT01632353
Resolution
The fix for this appears in Patch 2.16
Keywords
KBA , BI-BIP-DEP , Webapp Deployment, Networking, Vulnerabilities, Webservices , Problem
Product
SAP Crystal Reports 2011