Symptom
During analysis of the intermediate authentication processes on the platform, it was identified that a response returned by the authentication service contains a variable that exposes information about the client's domains and subdomains. This vulnerability makes it possible to obtain a list of the client's domains and subdomains, including many development or private ones that should not be publicly accessible.
The exposed variable is "var_validDomains".
Environment
SAP Customer Data Cloud
Product
Keywords
Gigya, CDC, vulnerability, variable exposure, var_validDomains, KBA, CEC-PRO-RAS, RaaS (Screen-Sets, Site Policies, Schema), Problem
SAP Knowledge Base Article - Preview