Description
CO-PA contains code that permits the execution of arbitrary program code of the user’s choice.
An attacker can therefore control the behavior of the system, or can potentially escalate privileges by executing malicious code, without having their own legitimate credentials.
Available fix and Supported packages
- SAP_APPL | 600 | 600
- SAP_APPL | 602 | 602
- SAP_APPL | 603 | 603
- SAP_APPL | 604 | 604
- SAP_APPL | 605 | 605
- SAP_APPL | 606 | 606
- SAP_APPL | 616 | 616
- SAP_FIN | 617 | 617
- SAP_APPL 600 | SAPKH60024 |
- SAP_APPL 602 | SAPKH60214 |
- SAP_APPL 603 | SAPKH60313 |
- SAP_APPL 604 | SAPKH60414 |
- SAP_APPL 605 | SAPKH60511 |
- SAP_APPL 606 | SAPKH60608 |
- SAP_APPL 616 | SAPKH61603 |
- SAP_FIN 617 | SAPK-61701INSAPFIN |
Affected component
- CO-PA
Profitability Analysis
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1865302