Potential disclosure of persisted data in BW-BCT-ISR-PIP, SAP security note 1488964

Description

A malicious user can exploit BW-BCT-ISR-PIP (test report /RTF/TEST_KTRF) and use specially crafted inputs to modify data-base commands, resulting in the retrieval of additional information persisted by the system.

Available fix and Supported packages

BI_CONT | 703 | 703
BI_CONT | 704 | 704
BI_CONT | 705 | 705
BI_CONT | 724 | 724
BI_CONT | 735 | 735
BI_CONT 704 | SAPK-70409INBICONT |
BI_CONT 705 | SAPK-70502INBICONT |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1488964

Vahagn Vardanian

Potential disclosure of persisted data in BW-BCT-ISR-PIP, SAP security note 1488964

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection
#database
#BW-BCT-ISR-PIP

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Vahagn Vardanian

Potential disclosure of persisted data in BW-BCT-ISR-PIP, SAP security note 1488964

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection#database#BW-BCT-ISR-PIP

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Special offer for SAP Security Udemy course!

$ 9.99

#SQL-injection
#database
#BW-BCT-ISR-PIP