Credit card information which is relevant for safety may be written to the J2EE engine log file isa.log (in the WEB-INF/log directory).
This data can be misused by persons who are authorized or not authorized to access the log files and it is a possible safety hazard. This affects both ISA for CRM and ISA for R/3.
Available fix and Supported packages
- BBPCRM | 300 | 300
- BBPCRM | 310 | 310
- BBPCRM | 400 | 400
Shopping Basket and Order Entry
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.