Description
Dynpro Processing does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Some well-known impacts of Missing Authorization check are –
- abuse functionality restricted to a particular user group
- read, modify or delete restricted data
Available fix and Supported packages
- KRNL32NUC | 7.21 | 7.21
- KRNL32NUC | 7.21EXT | 7.21EXT
- KRNL32UC | 7.21 | 7.21
- KRNL32UC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.21 | 7.21
- KRNL64NUC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.22 | 7.22
- KRNL64NUC | 7.22EXT | 7.22EXT
- KRNL64NUC | 7.49 | 7.49
- KRNL64UC | 7.21 | 7.21
- KRNL64UC | 7.21EXT | 7.21EXT
- KRNL64UC | 7.22 | 7.22
- KRNL64UC | 7.22EXT | 7.22EXT
- KRNL64UC | 7.49 | 7.49
- KRNL64UC | 7.53 | 7.53
- KERNEL | 7.21 | 7.22
- KERNEL | 7.45 | 7.45
- KERNEL | 7.49 | 7.49
- KERNEL | 7.53 | 7.53
- KERNEL | 7.71 | 7.71
- SAP KERNEL 7.21 32-BIT | SP1010 | 001010
- SAP KERNEL 7.21 32-BIT UNICODE | SP1010 | 001010
- SAP KERNEL 7.21 64-BIT | SP1010 | 001010
- SAP KERNEL 7.21 64-BIT UNICODE | SP1010 | 001010
- SAP KERNEL 7.21 EXT 32-BIT | SP1010 | 001010
- SAP KERNEL 7.21 EXT 32-BIT UC | SP1010 | 001010
- SAP KERNEL 7.21 EXT 64-BIT | SP1010 | 001010
- SAP KERNEL 7.21 EXT 64-BIT UC | SP1010 | 001010
- SAP KERNEL 7.22 64-BIT | SP513 | 000513
- SAP KERNEL 7.22 64-BIT UNICODE | SP513 | 000513
- SAP KERNEL 7.22 EXT 64-BIT | SP513 | 000513
- SAP KERNEL 7.22 EXT 64-BIT UC | SP513 | 000513
- SAP KERNEL 7.45 64-BIT | SP622 | 000622
- SAP KERNEL 7.45 64-BIT UNICODE | SP622 | 000622
- SAP KERNEL 7.49 64-BIT | SP414 | 000414
- SAP KERNEL 7.49 64-BIT UNICODE | SP414 | 000414
- SAP KERNEL 7.53 64-BIT | SP090 | 000090
- SAP KERNEL 7.53 64-BIT UNICODE | SP090 | 000090
- SAP KERNEL 7.71 64-BIT UNICODE | SP009 | 000009
Affected component
- BC-ABA-SC
Dynpro and CUA engine
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2579693
