/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
A security penetration test has reported that an application in the BTP NEO platform has an insecure cookie attribute: SameSite=None.
Example:
Set-Cookie: JSESSIONID= xxxxxxxxxxx; Path=/; Secure; HttpOnly; SameSite=None;
This is also valid for the BTP Cockpit on Cloud Foundry.
Read more...
Environment
SAP Business Technology Platform
Product
SAP Business Technology Platform all versions
Keywords
pen test, fiori applications, audit, SameSite=None CF, NEO , KBA , BC-NEO-SEC-IAM , Authentication, Authorization(Cloud Platform Neo) , BC-CP-CPT , SAP BTP Cockpit [Feature Set B] , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)