Lack of Anti-XSRF Tokens in SAP Manufacturing Integration and Intelligence Servlet

Lack of Anti-XSRF Tokens in SAP Manufacturing Integration and Intelligence Servlet

CVE-2019-0267 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.

Learn more about our External Network Penetration Testing.