BADI BUPA_F4_AUGRP does not filter BP’s in search, SAP security note 1363631

Description

The search help feature showed Business partner details when the required authorization for the user was missing. This is not correct as only users with sufficient authorizations should be able to view the Business partner data through the search help.

Available fix and Supported packages

SAP_ABA | 640 | 640
SAP_ABA | 700 | 702
SAP_ABA | 710 | 711
SAP_ABA 701 | SAPKA70105 |
SAP_ABA 700 | SAPKA70020 |
SAP_ABA 710 | SAPKA71009 |
SAP_ABA 702 | SAPKA70202 |
SAP_ABA 711 | SAPKA71104 |
SAP_ABA 640 | SAPKA64028 |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1363631

Arpine Maghakyan

BADI BUPA_F4_AUGRP does not filter BP’s in search, SAP security note 1363631

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#B_BUPA_GRP-BUPA_AUGRP-BUPA_F4_AUGRP-AUTHORIZATION

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535