Lack of Anti-XSRF Tokens in SAP Manufacturing Integration and Intelligence Servlet
CVE-2019-0267 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.
Learn more about our External Network Penetration Testing.