Skip links

Missing authorization check in a BW report, SAP security note 1414059

Description

You can make changes in BW without an authorization check via an older program that is no longer used in BW.
The BW system may become unstable as a result.

Available fix and Supported packages

  • SAP_BW | 20B | 20B
  • SAP_BW | 21C | 21C
  • SAP_BW | 30B | 30B
  • SAP_BW | 310 | 310
  • SAP_BW | 350 | 350
  • SAP_BW | 700 | 702
  • SAP_BW | 710 | 720
  • SAP_BW_VIRTUAL_COMP | 30B | 30B
  • SAP_BW_VIRTUAL_COMP | 701 | 701

Affected component

    BW-BEX-OT-DBIF
    Interface to Database

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1414059

TAGS

#Missing-authorization
#security
#system-stability

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies