Skip links
RedRays - Your SAP Security Solution
RedRays SAP Security Team

RedRays SAP Security Team

🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Credit card data is stored in the log file, SAP security note 627649

Description

Credit card information which is relevant for safety may be written to the J2EE engine log file isa.log (in the WEB-INF/log directory).
This data can be misused by persons who are authorized or not authorized to access the log files and it is a possible safety hazard. This affects both ISA for CRM and ISA for R/3.

Available fix and Supported packages

  • BBPCRM | 300 | 300
  • BBPCRM | 310 | 310
  • BBPCRM | 400 | 400

Affected component

    CRM-ISA-BAS
    Shopping Basket and Order Entry

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/627649

TAGS

#Credit-cards
#payment
#CRM-Backend
#B2B
#B2C
#log-level
#ISA30
#ISA3.0
#ISA31
#ISA3.1
#ISA4
#ISA40

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer