Content Player LSO CW28/2016

Application Development Blog Posts

Learn and share on deeper, cross technology development topics such as integration and connectivity, automation, cloud extensibility, developing at scale, and security.

Hi Guys,

The development team has released notes that in my opinion are worth looking into as the fix some security issues.

The first note 2337225 informs about an issue where LSO Content Player allowed attacker to put the malicious page in a frame and hijack user clicks meant for the original (top level) page, resulting in Clickjacking vulnerability.

Successful exploitation of this vulnerability leads to unwanted modification of user's data.

The issue can be solved by applying LSOCP 634 Support Package 4 which was delivered in the note 2065494

Regards
LSO and TEM Support

SAP Managed Tags:
Security

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Count

Content Player LSO CW28/2016

Get Started with the ABAP Development Tools for SAP NetWeaver

Become an ABAP in Eclipse Feature Explorer and earn the Explorer Badge

Six kinds of debugging tips to find the source code where the message is raised