Description
An authenticated user can use functionality of the Data Integrity Manager (DIMa) to which access should be restricted. This can potentially result in an escalation of privileges.
A list of the header tables of DIMa objects does not exist in ERP.
Available fix and Supported packages
- PI_BASIS | 2004_1_620 | 2004_1_640
- PI_BASIS | 2005_1_620 | 2005_1_700
- PI_BASIS | 2006_1_620 | 2006_1_710
- PI_BASIS | 701 | 702
- PI_BASIS | 711 | 730
- PI | 2004_1_46C | 2004_1_46C
- PI_BASIS 702 | SAPK-70205INPIBASIS
- PI_BASIS 2005_1_620 | SAPKIPYJ5M
- PI_BASIS 2006_1_620 | SAPKIPYK12
- PI_BASIS 730 | SAPK-73002INPIBASIS
- PI_BASIS 2006_1_710 | SAPKIPYN12
- PI_BASIS 711 | SAPK-71107INPIBASIS
- PI_BASIS 2005_1_640 | SAPKIPYJ6M
- PI_BASIS 2006_1_640 | SAPKIPYL12
- PI_BASIS 2005_1_700 | SAPKIPYJ7O
- PI_BASIS 2006_1_700 | SAPKIPYM14
- PI_BASIS 701 | SAPK-70109INPIBASIS
- PI 2004_1_46C | SAPKIPZI4J
Affected component
- CRM-MW-ADP (Middleware Adapter)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1498366