Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

KM UI vulnerable to CSRF attacks, SAP security note 1620044

Description

A malicious user can execute functions in KM UI without authentication and authoriza-tion.

Available fix and Supported packages

  • EPBC2 | 7.00 | 7.02
  • KMC-BC | 7.30 | 7.30
  • KMC-BC | 7.31 | 7.31
  • EP-PSERV | 6.0_640 | 6.0_640
  • EP-CM | 6.0_640 | 6.0_640
  • SAP_JTECHS | 7.00 | 7.02
  • EP-BASIS | 7.30 | 7.30
  • EP-BASIS | 7.31 | 7.31
  • FRAMEWORK-EXT | 7.30 | 7.30
  • FRAMEWORK-EXT | 7.31 | 7.31
  • CM+COLLABORATION 6.0_640 | SP025 | 000008
  • CM+COLLABORATION 6.0_640 | SP026 | 000008
  • CM+COLLABORATION 6.0_640 | SP027 | 000005
  • CM+COLLABORATION 6.0_640 | SP028 | 000002
  • CM+COLLABORATION 6.0_640 | SP029 | 000000
  • CM+COLLABORATION 6.0_640 | SP030 | 000000
  • FRAMEWORK EXTENSIONS 7.30 | SP001 | 000001
  • FRAMEWORK EXTENSIONS 7.30 | SP002 | 000001
  • FRAMEWORK EXTENSIONS 7.30 | SP003 | 000001
  • FRAMEWORK EXTENSIONS 7.30 | SP004 | 000001
  • FRAMEWORK EXTENSIONS 7.30 | SP005 | 000001
  • FRAMEWORK EXTENSIONS 7.31 | SP001 | 000001
  • KMC BASE COMPONENTS 7.30 | SP001 | 000003
  • KMC BASE COMPONENTS 7.30 | SP002 | 000004
  • KMC BASE COMPONENTS 7.30 | SP003 | 000004
  • KMC BASE COMPONENTS 7.30 | SP004 | 000002
  • KMC BASE COMPONENTS 7.30 | SP005 | 000001
  • KMC BASE COMPONENTS 7.30 | SP006 | 000000
  • KMC BASE COMPONENTS 7.30 | SP007 | 000000
  • KMC BASE COMPONENTS 7.31 | SP001 | 000000

Affected component

    EP-KM-CM-UI
    CM User Interface

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1620044

TAGS

#Cross-site-request-forgery
#XSRF

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer