Patch Day Security Notes SAP Notes

XSS vulnerability in SAP BSP

Leave a Comment on XSS vulnerability in SAP BSP

SAP Note 2684760 – [CVE-2018-2470] Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP Business Server Pages

Version 8 from 18.10.2018

The header “X-Content-Type-Options” is not set. It can lead to MIME Sniffing Attacks.

Solution

“X-Content-Type-Options” is added to HTTP header of BSP and is set to “nosniff” for MIME objects.

Related Post

How to rebuild Fiori Launchpad target mapping in cache?

SolMan: UI related problems (blank screen, missing buttons, freezing UI)

How-To: Configuring automatic SAP HANA Data Collection with SAP HANASitter

How to unlock/reactivate the SYSTEM user on SAP HANA

IS-U Energy losses in transformers, Lines and Reactors for Ukraine

SAP S/4HANA 1909: release restrictions

Leave a Comment

Your email address will not be published. Required fields are marked *

Click here to draw a picture to include in your comment.