In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated malicious user to attempt reflected cross-site scripting, which could result in disclosure or modification of information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap enable now - |