Picture of Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

January 10, 2012
12:00 am

Dangerous File Inclusion in CRM Web Channel, SAP security note 1592837

Description

Web Channel applications contain code that potentially allows a malicous user to include unexpected web content that changes the program’s behaviour

Available fix and Supported packages

SAP-CRMISA | 4.0_640 | 4.0_640
SAP-CRMJAV | 5.0 | 5.0
SAP-CRMJAV | 6.0 | 6.0
SAP-CRMJAV | 700 | 700
SAP-CRMJAV | 701 | 701
SAP-CRMJAV | 730 | 730
SAP-CRMWEB | 5.0 | 5.0
SAP-CRMWEB | 6.0 | 6.0
SAP-CRMWEB | 700 | 700
SAP-CRMWEB | 701 | 701
SAP-CRMWEB | 730 | 730
SAP-SHRWEB | 5.0 | 5.0
SAP-SHRWEB | 6.0 | 6.0
SAP-SHRWEB | 700 | 700
SAP-SHRWEB | 701 | 701
SAP-SHRWEB | 730 | 730
SAP-SHRJAV | 5.0 | 5.0
SAP-SHRJAV | 6.0 | 6.0
SAP-SHRJAV | 700 | 700
SAP-SHRJAV | 701 | 701
CRM JAVA APPLICATIONS 5.0 | SP019 | 000010
CRM JAVA APPLICATIONS 6.0 | SP009 | 000006
CRM JAVA APPLICATIONS 7.0 | SP010 | 000008
CRM JAVA APPLICATIONS 7.01 | SP006 | 000005
CRM JAVA APPLICATIONS 7.30 | SP000 | 000015
CRM JAVA COMPONENTS 5.0 | SP019 | 000010
CRM JAVA COMPONENTS 6.0 | SP009 | 000006
CRM JAVA COMPONENTS 7.0 | SP010 | 000008
CRM JAVA COMPONENTS 7.01 | SP006 | 000005
CRM JAVA COMPONENTS 7.30 | SP000 | 000015
CRM JAVA WEB COMPONENTS 5.0 | SP019 | 000010
CRM JAVA WEB COMPONENTS 6.0 | SP009 | 000006
CRM JAVA WEB COMPONENTS 7.0 | SP010 | 000008
CRM JAVA WEB COMPONENTS 7.01 | SP006 | 000005
CRM JAVA WEB COMPONENTS 7.30 | SP000 | 000015
SAP INTERNET SALES WAC_640 | SP017 | 000007
SAP SHARED JAVA APPLIC. 5.0 | SP019 | 000010
SAP SHARED JAVA APPLIC. 6.0 | SP009 | 000006
SAP SHARED JAVA APPLIC. 7.0 | SP010 | 000008
SAP SHARED JAVA APPLIC. 7.01 | SP006 | 000005

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1592837

TAGS

#Dangerous-File-Inclusion
#CRM-Web-Channel
#Internet-Sales
#Internet-Service
#CRM-ISA
#CRM-ISE
#Internet-Sales
#isa
#ECo
#E-Commerce
#E-Commerce
#WebChannel
#Web-Channel
#CRM
#ERP
#r3
#r\3
#r/3
#ECC

Explore More

SAP Security Patch Day – August 2025

August 12, 2025

SAP has released its August 2025 security patch package containing 19 security notes addressing critical vulnerabilities across enterprise SAP environments. This release

SAP Security Training – Why Businesses Can’t Ignore It Anymore

July 31, 2025

The moment a company decides to run its finance, logistics or human-resources data on SAP, it gains a powerhouse of efficiency –

SAP Security Patch Day – July 2025

July 9, 2025

On July 8, 2025, SAP released its monthly security updates affecting 27 components. This month includes 5 HotNews notes (CVSS ≥ 9.0)

Registration Open: SAP Security Training – August 2025 | Limited Seats

June 20, 2025

Discover vulnerabilities through the eyes of an attacker In today’s digital landscape, SAP systems form the backbone of critical business operations for