Background: You have been carrying out security checks on the Enterprise Portal (EP) and encountered a vulnerability type " MongoDB Script Injection Attack" for a system URL.
Overview: At first glance a security attack may appear prevelant because of a HTTP 200 response which signifies the response was returned with some altered parameters.
Important Point To Remember: The WorkProtectPopup which may lead you to believe that there is a security issue or breach but this is not the case.
The WorkProtectPopup request is just a popup window with some options and does not perform any SQL queries or submission actions. MongoDB is not associated to or used in EP in any method.
The work protect mode provides the infrastructure for handling unsaved data in SAP NetWeaver Portal. An application is called“dirty” if the entered data has not yet been saved. Normally data is lost when the user navigates to another application without having first saved the data. To prevent this from happening, the client framework of the portal monitors the current status of all the applications in the portal.