Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Update 2 to security note 1651004, SAP security note 1839511

Description

Security note 1651004 has been rereleased due to missing validity entries. Newly-added releases that are affected are listed below:
SAP J2EE ENGINE 640 SP26, SP27, SP28, SP29
PORTAL PLATFORM 6.0_640 SP26, SP27, SP28, SP29

SAP J2EE ENGINE 700 SP23, SP24, SP25, SP26
SAP J2EE ENGINE CORE 700 SP23, SP24, SP25, SP26
SAP JAVA TECH SERVICES 700 SP23, SP24, SP25, SP26
PORTAL FRAMEWORK 700 SP23, SP24, SP25, SP26

SAP J2EE ENGINE 701 SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 701 SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 701 SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 701 SP07, SP08, SP09, SP10

SAP J2EE ENGINE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 702 SP05, SP06, SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 702 SP05, SP06, SP07, SP08, SP09, SP10

Available fix and Supported packages

  • EP-PSERV | 6.0_640 | 6.0_640
  • SAP-JEE | 6.40 | 6.40
  • SAP-JEE | 7.00 | 7.00
  • SAP_JTECHS | 7.00 | 7.01
  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 7.01 | 7.01

Affected component

    BC-JAS-SEC
    Security, User Management

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1839511

TAGS

#cross-frame-scripting
#XFS
#logon-application
#update
#update-note

Explore More

RedRays AI for ABAP Code Security

Empowering Secure, Efficient, and Compliant SAP ABAP Development—in Real Time and Without Data Retention In today’s rapidly evolving business landscape, organizations increasingly

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.