CVE-2017-15294
https://notcve.org/view.php?id=CVE-2017-15294
The Java administration console in SAP CRM has XSS. This is SAP Security Note 2478964. La consola de administración Java en SAP CRM tiene XSS. Esto corresponde con SAP Security Note 2478964. • http://www.securityfocus.com/bid/99532 https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017 https://erpscan.io/advisories/erpscan-17-035-xss-crm-administration-console-java • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2017-15296
https://notcve.org/view.php?id=CVE-2017-15296
The Java component in SAP CRM has CSRF. This is SAP Security Note 2478964. El componente Java en SAP CRM tiene CSRF. Esto corresponde con SAP Security Note 2478964. • https://blogs.sap.com/2017/07/11/sap-security-patch-day-july-2017 https://erpscan.io/advisories/erpscan-17-036-csrf-sap-java-crm • CWE-352: Cross-Site Request Forgery (CSRF) •