SAP Knowledge Base Article - Preview

3198099 - Security vulnerabilities detected by 3rd party scans

Symptom

Third-party security scans or penetration tests report errors such as (but not limited to) the following:

  • [Possible] BREACH Attack Detected
  • HTTP Security Header Not Detected
  • "Open redirect ...."
  • "Vulnerable endpoint.."
  • XSS open redirect


Environment

  • SAP NetWeaver
  • SAP NetWeaver Application Server for SAP S/4HANA
  • ABAP PLATFORM - Application Server ABAP

Product

ABAP platform all versions; SAP NetWeaver all versions; SAP Web Application Server for SAP S/4HANA all versions

Keywords

Vulnerable javascript library, jQuery.mobile, XSS, ICF, Internet Communication Framework, SICF, Service, Services, ICF service, ICF_GDPR, KBA, BC-MID-ICF, Internet Communication Framework, BC-SEC-SSL, Secure Sockets Layer Protocol, Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).
