Description
In the Integrated Communication Interface Mail Channel the connection to the Virus Scan Interface is missing. This can allow a malicious user to upload malicious content to the server, and possibly thereby trick legitimate users into downloading its content.
Available fix and Supported packages
- SAP_ABA | 700 | 700
- CRMUIF | 520 | 520
- CRMUIF | 600 | 600
- BBPCRM | 702 | 702
- BBPCRM | 712 | 712
- WEBCUIF | 700 | 700
- WEBCUIF | 701 | 701
- WEBCUIF | 731 | 731
- WEBCUIF | 730 | 730
- WEBCUIF | 746 | 746
- CRMIS | 400 | 400
- SAP_ABA 700 | SAPKA70028 |
- SAP_ABA 700 | SAPKA70029 |
- CRMUIF 520 | SAPK-52013INCRMUIF |
- CRMUIF 600 | SAPK-60016INCRMUIF |
- BBPCRM 702 | SAPKU70204 |
- BBPCRM 712 | 712 |
- WEBCUIF 731 | SAPK-73104INWEBCUIF |
- WEBCUIF 746 | 746 |
- WEBCUIF 700 | SAPK-70013INWEBCUIF |
- WEBCUIF 701 | SAPK-70110INWEBCUIF |
- WEBCUIF 730 | SAPK-73005INWEBCUIF |
- CRMIS 400 | SAPK-40013INCRMIS |
Affected component
- CA-GTF-IC-CHA
use CRM-IC-CHA(Communication Channels)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1699357
