Description
This security note has been updated. For more detailed information, see
Security Note 1716165 and Security Note 1839511.
The SAP logon application can be abused by an attacker, allowing them to gain access to data entered in the different pages of the logon application by a legitimate user.
Available fix and Supported packages
- EPBC2 | 7.00 | 7.02
- EP-PSERV | 6.0_640 | 6.0_640
- SAP-JEE | 6.40 | 6.40
- SAP-JEE | 7.00 | 7.02
- SAP_JTECHS | 6.40 | 6.40
- SAP_JTECHS | 7.00 | 7.02
- SAP-JEECOR | 7.00 | 7.00
- SAP-JEECOR | 6.40 | 6.40
- SAP-JEECOR | 7.01 | 7.02
- SERVERCORE | 7.10 | 7.10
- SERVERCORE | 7.11 | 7.11
- SERVERCORE | 7.20 | 7.20
- SERVERCORE | 7.30 | 7.30
- SERVERCORE | 7.31 | 7.31
- J2EE-APPS | 7.10 | 7.11
- J2EE-APPS | 7.20 | 7.20
- J2EE-APPS | 7.30 | 7.30
- J2EE-APPS | 7.31 | 7.31
- J2EE ENGINE APPLICATIONS 7.10 | SP011 | 000005
- J2EE ENGINE APPLICATIONS 7.10 | SP012 | 000004
- J2EE ENGINE APPLICATIONS 7.10 | SP013 | 000001
- J2EE ENGINE APPLICATIONS 7.10 | SP014 | 000001
- J2EE ENGINE APPLICATIONS 7.10 | SP015 | 000000
- J2EE ENGINE APPLICATIONS 7.11 | SP005 | 000018
- J2EE ENGINE APPLICATIONS 7.11 | SP006 | 000010
- J2EE ENGINE APPLICATIONS 7.11 | SP007 | 000007
- J2EE ENGINE APPLICATIONS 7.11 | SP008 | 000003
- J2EE ENGINE APPLICATIONS 7.11 | SP009 | 000000
- J2EE ENGINE APPLICATIONS 7.20 | SP003 | 000015
- J2EE ENGINE APPLICATIONS 7.20 | SP004 | 000012
- J2EE ENGINE APPLICATIONS 7.20 | SP005 | 000005
- J2EE ENGINE APPLICATIONS 7.20 | SP006 | 000002
- J2EE ENGINE APPLICATIONS 7.20 | SP007 | 000000
- J2EE ENGINE APPLICATIONS 7.30 | SP001 | 000007
- J2EE ENGINE APPLICATIONS 7.30 | SP002 | 000007
- J2EE ENGINE APPLICATIONS 7.30 | SP003 | 000003
- J2EE ENGINE APPLICATIONS 7.30 | SP004 | 000002
- J2EE ENGINE APPLICATIONS 7.30 | SP005 | 000002
Affected component
- BC-JAS-SEC
Security, User Management
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1651004
