Description
The function of Italian agency collections in FS-CD can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
Important: This SAP Note is only relevant for customers who use FS-CD (software component INSURANCE) and (!) the Italian agency collections function (BSP application ITAGCY, activation using transaction ITAGCYCUST -> “Basic Settings -> Basic settings for agency collections”) verwenden. Other customers are not affected and do not have to implement this SAP Note.
Available fix and Supported packages
- INSURANCE | 600 | 600
- INSURANCE | 602 | 602
- INSURANCE | 603 | 603
- INSURANCE | 604 | 604
- INSURANCE | 605 | 605
- INSURANCE | 606 | 606
- INSURANCE | 616 | 616
- INSURANCE 600 | SAPK-60021ININSURANC |
- INSURANCE 602 | SAPK-60211ININSURANC |
- INSURANCE 603 | SAPK-60310ININSURANC |
- INSURANCE 604 | SAPK-60411ININSURANC |
- INSURANCE 605 | SAPK-60508ININSURANC |
- INSURANCE 606 | SAPK-60603ININSURANC |
- INSURANCE 616 | 616 |
Affected component
- FS-CD
Collections and Disbursements
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1676678
