Description
A malicious user can trigger functionality in the italian agency collection functionality in FS-CD without authentication and authorization.
Important: This note is only relevant for customers who are using FS-CD (software component INSURANCE) and (!) the italian agency collection (BSP application ITAGCY activation via transaction ITAGCYCUST -> Basic Settings -> Basic settings for agency collections). All other customers are NOT affected and do not need to implement this note.
Available fix and Supported packages
- INSURANCE | 472 | 472
- INSURANCE | 600 | 600
- INSURANCE | 602 | 602
- INSURANCE | 603 | 603
- INSURANCE | 604 | 604
- INSURANCE | 605 | 605
- INSURANCE 600 | SAPK-60019ININSURANC |
- INSURANCE 602 | SAPK-60209ININSURANC |
- INSURANCE 603 | SAPK-60308ININSURANC |
- INSURANCE 604 | SAPK-60409ININSURANC |
- INSURANCE 605 | SAPK-60503ININSURANC |
- INSURANCE 605 | SAPK-60504ININSURANC |
- INSURANCE 472 | SAPKIPIN21 |
Affected component
- FS-CD
Collections and Disbursements
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1509886
