Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Tomcat on MSA accessible from the network, SAP security note 1525994

Description

The Apache Tomcat server delivered with SAP CRM Mobile Sales, which is required by the IPC (Internet Pricing & Configuration) user interface is accessible from the network. It could be abused by a malicious user on the network to read and modify data.

Available fix and Supported packages

  • APACHETOMCAT | 6.0 | 6.0
  • APACHETOMCAT | 5.5 | 5.5

Affected component

    CRM-MSA-IPC-CFG
    Use CRM-MSA(IPC Configuration)

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1525994

TAGS

#MSA
#access-restriction
#localhost

Explore More

RedRays AI for ABAP Code Security

Empowering Secure, Efficient, and Compliant SAP ABAP Development—in Real Time and Without Data Retention In today’s rapidly evolving business landscape, organizations increasingly

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.