EP: MongoDB Script Injection attack vulnerability has been identified.

Background: You have been carrying out security checks on the Enterprise Portal (EP) and  encountered a vulnerability type ” MongoDB Script Injection Attack” for a system URL.

Overview:  At first glance a security attack may appear prevelant because of a HTTP 200 response which signifies the response was returned with some altered parameters.

Important Point To Remember:  The WorkProtectPopup which may lead you to believe that there is a  security issue or breach but this is not the case.

The WorkProtectPopup request is just a popup window with some options and  does not perform any SQL queries or submission actions. MongoDB is not  associated to or used in EP in any method.

The work protect mode provides the infrastructure for handling unsaved data in  SAP NetWeaver Portal. An application is called“dirty” if the  entered data has not yet been saved. Normally data is lost when the  user navigates to another application without having first saved the  data. To prevent this from happening, the client framework of the  portal monitors the current status of all the applications in the portal.