Description
Service Data Download (a part of the SAP Solution Manager Plugin) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system.
Some well-known impacts of Code Injection vulnerability are
- Unauthorized execution of commands
- Sensitive information disclosure
- Denial of Service
Available fix and Supported packages
- ST-PI | 2008_1_46C | 2008_1_46C
- ST-PI | 2008_1_620 | 2008_1_620
- ST-PI | 2008_1_640 | 2008_1_640
- ST-PI | 2008_1_700 | 2008_1_700
- ST-PI | 2008_1_710 | 2008_1_710
- ST-PI | 740 | 740
- ST-PI 740 | SAPK-74012INSTPI |
- ST-PI 2008_1_700 | SAPKITLRDV |
- ST-PI 2008_1_710 | SAPKITLREV |
Affected component
- SV-SMG-SDD
Service Data Download
CVSS
Score: 9.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2835979