CVE-2019-0267: SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might…

high8.8CVSS 3.0

AVNACLPRNUIRSUCHIHAH

SAP Manufacturing Integration and Intelligence, versions 15.0, 15.1 and 15.2, (Illuminator Servlet) currently does not provide Anti-XSRF tokens. This might lead to XSRF attacks in case the data is being posted to the Servlet from an external application.

Affected

6 ranges

Vendor	Product	Version range	Fixed in
sap	manufacturing_integration_and_intelligence	—	—
sap	manufacturing_integration_and_intelligence	—	—
sap	manufacturing_integration_and_intelligence	—	—
sap_se	sap_manufacturing_integration_and_intelligence	< 15.0	15.0
sap_se	sap_manufacturing_integration_and_intelligence	< 15.1	15.1
sap_se	sap_manufacturing_integration_and_intelligence	< 15.2	15.2