Description
BEx Web can be abused by a malicious user, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
Available fix and Supported packages
- BI-FW | 2.0 | 2.0
- BI-BASE | 2.0 | 2.0
- BI-BICS | 2.0 | 2.0
- BI-EXP | 2.0 | 2.0
- BI-APPL | 2.0 | 2.0
- BI-CLNT | 2.0 | 2.0
- BO-BASE-S | 4.0 | 4.0
- BO-WEBAPP | 4.0 | 4.0
- BI-BASE-E | 7.30 | 7.30
- BI-BASE-B | 7.30 | 7.30
- HM-BI-RIC | 2.0 | 2.0
- BI-RIC | 2.0 | 2.0
- BI-IBC | 7.30 | 7.30
- BI-BASE-S | 7.00 | 7.02
- BI-BASE-S | 7.30 | 7.30
- SAP_BW | 700 | 702
- SAP_BW | 711 | 711
- HM-BI-BASE-S | 7.00 | 7.02
- HM-BI-BASE-S | 7.30 | 7.30
- HM-BIWEBAPP | 7.00 | 7.02
- BI BASE SERVICES 7.00 | SP028 | 000000
- BI BASE SERVICES 7.01 | SP013 | 000000
- BI RIC APPLICATIONS 2.0 | SP012 | 000000
- BI RIC BASE 2.0 | SP012 | 000000
- BI RIC CLIENT 2.0 | SP012 | 000000
- BI RIC FRAMEWORK 2.0 | SP012 | 000000
- BI WEB APPLICATIONS 7.00 | SP028 | 000000
- BI WEB APPLICATIONS 7.01 | SP013 | 000000
Affected component
- BW-BEX-ET-WJR-RT (Web Runtime and API commands)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1689059