Skip links

CRM ABAP solution Display orders of other users possible, SAP security note 625135

Description

Due to a technical problem, an Internet user can display all sales orders in the system.
For the Java-based SAP Internet Sales application, this only applies to the B2C scenario.
For the ITS-based SAP Internet Sales application, this only applies if the ~multiinstanceservices parameter is specified with ‘0’ in the service file (<ITS-Instanz>\services\isas of2c.srvc (isas of2b oder global), also see Note 416209). In this case, both scenario B2C and B2B are affected.

Available fix and Supported packages

  • BBPCRM | 20B | 20C
  • BBPCRM | 300 | 300
  • BBPCRM | 310 | 310
  • BBPCRM | 400 | 400
  • BBPCRM 300 | SAPKU30016 |
  • BBPCRM 20B | SAPKU20B30 |
  • BBPCRM 310 | SAPKU31006 |
  • BBPCRM 20C | SAPKU20C23 |
  • BBPCRM 400 | SAPKU40002 |

Affected component

    CRM-ISA
    Internet Sales

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/625135

TAGS

#SAP-Internet-Sales
#security
#security-gap
#order-status
#ISAS-OF2B

Udemy SAP Security Course.

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. This course will help you master SAP security fundamentals, from securing SAP environments to managing user access and addressing vulnerabilities. It is ideal for IT professionals and SAP administrators, providing practical skills to safeguard critical business assets. Whether you’re a beginner or an expert looking to deepen your SAP security knowledge, this course is perfect for you.

More to explorer

SAP Hash Cracking Techniques

Understanding Hash Cracking Hashing is a one-way encryption technique employed to ensure data integrity, authenticate information, and secure passwords alongside other sensitive

SAP Security Patch Day – September 2024

As the second Tuesday of September 2024 approaches, SAP administrators and security professionals are preparing for another crucial event: SAP Security Patch

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.