Jun 23, 2020 at 02:46 PM

Cross Site Request Forgery (CSRF) Flaws in BO 4.1


We are checking for security vulnerabilities using the Veracode tool. While scanning we got one high-priority CSRF flaw, i.e. "The JSESSIONID cookie does not have the SameSite attribute set. Using this attribute helps protect against Cross-Site Request Forgery (CSRF) attacks by restricting when cookies will be sent to the site. CSRF attacks are a class of confused deputy attacks that exploit the behavior of browsers always sending authorization cookies in requests."


While searching for a solution to the CSRF flaw we found SAP Note 2893546.

Kindly let me know whether Note 2893546 is applicable to the Business Objects application or not. If yes, please let me know the steps for how to execute it.

Thanks,

Shivkumar
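The finding quoted above is about the attributes on the Set-Cookie header that issues JSESSIONID, so the practical check after any fix is to look at the login response and confirm that the session cookie now carries SameSite (and, while you are there, Secure and HttpOnly). The script below is an added example, not code from the original post, from SAP or from Veracode. The two HTTP responses it audits are constructed to resemble a BI launch pad login response; the cookie value, the /BOE path and the second "theme" cookie are made up. It does not assume anything about what SAP Note 2893546 contains.

```python
"""Audit Set-Cookie headers for the SameSite attribute flagged by the scanner.

Added example, not part of the original post or of any SAP/Veracode code.
The two HTTP responses below are constructed to resemble a BI launch pad
login response; cookie values, paths and the 'theme' cookie are made up.
"""
from __future__ import annotations

# Constructed: what the scanner sees when the session cookie lacks SameSite.
VULNERABLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=A1B2C3D4E5F6; Path=/BOE; HttpOnly\r\n"
    "\r\n"
    "<html>...</html>"
)

# Constructed: the same response after hardening, plus a second cookie that
# uses SameSite=None without Secure, which current browsers reject outright.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n"
    "Set-Cookie: JSESSIONID=A1B2C3D4E5F6; Path=/BOE; Secure; HttpOnly; SameSite=Strict\r\n"
    "Set-Cookie: theme=dark; Path=/; SameSite=None\r\n"
    "\r\n"
    "<html>...</html>"
)


def parse_set_cookie(header_value: str) -> tuple[str, dict[str, str]]:
    """Split 'NAME=value; Attr; Attr=value' into the cookie name and a map of
    lower-cased attribute names to values (attribute names are case-insensitive)."""
    parts = [p.strip() for p in header_value.split(";") if p.strip()]
    name = parts[0].partition("=")[0].strip()
    attrs: dict[str, str] = {}
    for part in parts[1:]:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs


def audit_cookie(header_value: str) -> tuple[str, list[str]]:
    """Return the cookie name and a list of weaknesses found in its attributes."""
    name, attrs = parse_set_cookie(header_value)
    findings: list[str] = []
    samesite = attrs.get("samesite")
    if samesite is None:
        # The scanner finding: without SameSite the browser applies its own
        # default (Lax in Chromium-based browsers, unrestricted in older ones),
        # so the cookie may ride along on a cross-site POST.
        findings.append("missing SameSite")
    elif samesite.lower() not in ("strict", "lax", "none"):
        findings.append(f"unknown SameSite value {samesite!r}")
    elif samesite.lower() == "none" and "secure" not in attrs:
        # SameSite=None is only honoured together with Secure.
        findings.append("SameSite=None without Secure")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    return name, findings


def _set_cookie_values(raw_response: str) -> list[str]:
    """Yield the value part of every Set-Cookie header in a raw HTTP response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        header, _, value = line.partition(":")
        if header.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def audit_response(raw_response: str) -> dict[str, list[str]]:
    """Audit every cookie set by a response; returns {cookie name: findings}."""
    results: dict[str, list[str]] = {}
    for value in _set_cookie_values(raw_response):
        name, findings = audit_cookie(value)
        results[name] = findings
    return results


def session_cookie_is_csrf_safe(raw_response: str, cookie_name: str = "JSESSIONID") -> bool:
    """True when the named session cookie is set with SameSite=Strict or Lax."""
    for value in _set_cookie_values(raw_response):
        name, attrs = parse_set_cookie(value)
        if name == cookie_name:
            return attrs.get("samesite", "").lower() in ("strict", "lax")
    return False  # cookie not set at all: nothing to protect, but also not "safe"


if __name__ == "__main__":
    for label, response in (("vulnerable", VULNERABLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit_response(response), "csrf-safe:", session_cookie_is_csrf_safe(response))
```

To use it against a real system, capture the raw response of the login request (for example with a proxy or curl -i) and feed it to audit_response; the scanner's finding is cleared only when the JSESSIONID entry comes back with no "missing SameSite" item. Note that SameSite=Strict also blocks the cookie on legitimate top-level navigations from other sites (links to reports sent by e-mail or from a portal), so Lax is the usual choice when that matters.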