Vahagn Vardanian

Co-founder and CTO of RedRays

Missing authorization check in DMIS_BSC and DMIS_CNT, SAP security note 2115610

Description

An authenticated user can use functions of DMIS_CNT and DMIS_BSC to which access should be restricted. This may result in an escalation of privileges.

Available fix and Supported packages

  • DMIS_CNT | 2006_1_620 | 2006_1_620
  • DMIS_CNT | 2006_1_640 | 2006_1_640
  • DMIS_CNT | 2006_1_700 | 2006_1_700
  • DMIS_CNT | 2011_1_620 | 2011_1_620
  • DMIS_CNT | 2011_1_640 | 2011_1_640
  • DMIS_CNT | 2011_1_700 | 2011_1_700
  • DMIS_CNT | 2011_1_710 | 2011_1_710
  • DMIS_CNT | 2011_1_730 | 2011_1_730
  • DMIS_CNT | 2011_1_731 | 2011_1_731
  • DMIS_CNT | 2012_1_620 | 2012_1_620
  • DMIS_CNT | 2012_1_640 | 2012_1_640
  • DMIS_CNT | 2012_1_700 | 2012_1_700
  • DMIS_BSC | 2008_1_620 | 2008_1_620
  • DMIS_BSC | 2008_1_640 | 2008_1_640
  • DMIS_BSC | 2008_1_700 | 2008_1_700

  • DMIS_CNT 2006_1_620 | SAPK-61525INDMISCNT
  • DMIS_CNT 2006_1_640 | SAPK-61625INDMISCNT
  • DMIS_CNT 2006_1_700 | SAPK-61725INDMISCNT
  • DMIS_CNT 2011_1_620 | SAPK-11109INDMISCNT
  • DMIS_CNT 2011_1_640 | SAPK-11209INDMISCNT
  • DMIS_CNT 2011_1_700 | SAPK-11309INDMISCNT
  • DMIS_CNT 2011_1_710 | SAPK-11409INDMISCNT
  • DMIS_CNT 2011_1_730 | SAPK-11509INDMISCNT
  • DMIS_CNT 2011_1_731 | SAPK-11609INDMISCNT
  • DMIS_BSC 2008_1_620 | SAPK-81516INDMISBSC
  • DMIS_BSC 2008_1_640 | SAPK-81616INDMISBSC
  • DMIS_BSC 2008_1_700 | SAPK-81716INDMISBSC

Affected component

    CA-TDM
    Test Data Migration Server (SAP TDMS)

CVSS

Score: 0

PoC

Detailed vulnerability information has been added to the RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2115610

TAGS

#Authorization
#authorization-check
#DMIS_CNT
#DMIS_BSC
