Symptom
During a vulnerability test against a site created in Cloud Portal Service on NEO, you notice a cookie with the name format ouc<xxxxx>_anchor that does not have the HttpOnly flag set. See the following image as an example:
"Image/data in this KBA is from SAP internal systems, sample data, or demo systems. Any resemblance to real data is purely coincidental."
Environment
- Business Technology Platform - BTP
- Cloud Portal Service on NEO - CPP on NEO
Product
Keywords
var anchorCookie, encodeURIComponent, http only, attribute, flpnwc, anchorCookie, anchor cookie, btp, flp, portal, cloud portal, cpp, BTP@FLP, FLP@BTP, ?hc_login, KBA, BC-NEO-SEC-IAM, Authentication, Authorization (Cloud Platform Neo), EP-CPP-NEO-FS, Freestyle sites, Problem
About this page
This is a preview of an SAP Knowledge Base Article. The full version is available on SAP for Me (login required).