Description
IS-B-DP-EDT contains code that changes the program’s behavior when a user is successfully authenticated with a certain user name. Hard-coded user name and password/credentials: An attacker can be authenticated to IS-B-DP-EDT without having their own legitimate credentials, or they may escalate privileges.
Available fix and Supported packages
- SAP_ABA | 620 | 620
- SAP_ABA | 640 | 640
- SAP_ABA | 700 | 702
- SAP_ABA | 710 | 711
- SAP_ABA | 730 | 730
- SAP_ABA | 731 | 731
- SAP_ABA 620 | SAPKA62073 |
- SAP_ABA 640 | SAPKA64031 |
- SAP_ABA 700 | SAPKA70028 |
- SAP_ABA 710 | SAPKA71016 |
- SAP_ABA 701 | SAPKA70113 |
- SAP_ABA 711 | SAPKA71111 |
- SAP_ABA 702 | SAPKA70213 |
- SAP_ABA 730 | SAPKA73009 |
- SAP_ABA 731 | SAPKA73106 |
Affected component
- IS-B-DP-EDT
External Data Transfer
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1753036
