
Missing authorization checks in function modules related to CRM knowledgebases for configurable products, SAP security note 2271018

Description

This SAP note describes new authorization checks in the following RFC function modules for CRM Configuration Knowledgebases:

COM_PME_GET_NEW_IDS

COM_PME_DB_INSERT_STABLE

COM_PME_DB_INSERT_KB_START

COM_PME_DB_INSERT_KB_END

COM_PME_DB_INSERT_CFGKB

COM_PME_DB_INSERT_VTABLE

COM_PME_DB_TRANS_START

COM_PME_DB_TRANS_ROLLBACK

COM_PME_DB_TRANS_COMMIT

CRM_SCE_DB_TRANS_INIT_RFC
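Where the support package is not yet applied, it helps to know which roles can reach these function modules over RFC at all. The sketch below is an added example, not code from SAP or from this advisory. It assumes role authorization values exported as CSV from table AGR_1251, restricted to the object S_RFC. The role names and rows are constructed, and range matching is simplified to plain string comparison.

```python
import csv
import io
from collections import defaultdict

NOTE_FMS = [  # function modules named in SAP note 2271018 (list above)
    "COM_PME_GET_NEW_IDS", "COM_PME_DB_INSERT_STABLE", "COM_PME_DB_INSERT_KB_START",
    "COM_PME_DB_INSERT_KB_END", "COM_PME_DB_INSERT_CFGKB", "COM_PME_DB_INSERT_VTABLE",
    "COM_PME_DB_TRANS_START", "COM_PME_DB_TRANS_ROLLBACK", "COM_PME_DB_TRANS_COMMIT",
    "CRM_SCE_DB_TRANS_INIT_RFC",
]

# Constructed sample rows (not real system data): S_RFC values per role/authorization.
SAMPLE_CSV = """AGR_NAME,AUTH,FIELD,LOW,HIGH
Z_CFG_ADMIN,A1,RFC_TYPE,FUNC,
Z_CFG_ADMIN,A1,RFC_NAME,COM_PME_*,
Z_CFG_ADMIN,A1,ACTVT,16,
Z_INTERFACE,B1,RFC_TYPE,*,
Z_INTERFACE,B1,RFC_NAME,*,
Z_INTERFACE,B1,ACTVT,16,
Z_SALES_RO,C1,RFC_TYPE,FUNC,
Z_SALES_RO,C1,RFC_NAME,BAPI_A,BAPI_Z
Z_SALES_RO,C1,ACTVT,16,
Z_GROUP_ONLY,D1,RFC_TYPE,FUGR,
Z_GROUP_ONLY,D1,RFC_NAME,COM_PME_*,
Z_GROUP_ONLY,D1,ACTVT,16,
"""

def value_matches(low, high, name):
    """Match one authorization value: exact, trailing-* pattern, or LOW..HIGH range."""
    if high:  # simplified range: plain string comparison, no wildcard in HIGH
        return low <= name <= high
    if low.endswith("*"):
        return name.startswith(low[:-1])
    return low == name

def exposed_roles(csv_text):
    """Return {role: [note FMs the role's S_RFC values allow executing]}."""
    auths = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(csv_text)):
        auths[(row["AGR_NAME"], row["AUTH"])][row["FIELD"]].append((row["LOW"], row["HIGH"]))
    result = defaultdict(set)
    for (role, _auth), fields in auths.items():
        # FUGR-only grants name function groups, which the note does not list: skipped.
        type_ok = any(value_matches(lo, hi, "FUNC") for lo, hi in fields["RFC_TYPE"])
        exec_ok = any(value_matches(lo, hi, "16") for lo, hi in fields["ACTVT"])
        if type_ok and exec_ok:
            result[role].update(fm for fm in NOTE_FMS
                                if any(value_matches(lo, hi, fm) for lo, hi in fields["RFC_NAME"]))
    return {role: sorted(fms) for role, fms in result.items() if fms}
```

Calling `exposed_roles(SAMPLE_CSV)` reports the wildcard roles Z_CFG_ADMIN and Z_INTERFACE. Roles that grant access by function group (RFC_TYPE FUGR) need a separate review against the function groups that contain these modules.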

Available fix and Supported packages

Validity (software component | from release | to release):

  • BBPCRM | 700 | 700
  • BBPCRM | 701 | 701
  • BBPCRM | 702 | 702
  • BBPCRM | 712 | 712
  • BBPCRM | 713 | 713
  • BBPCRM | 714 | 714

Support packages (software component version | support package):

  • BBPCRM 700 | SAPKU70018
  • BBPCRM 701 | SAPKU70115
  • BBPCRM 712 | SAPKU71210
  • BBPCRM 702 | SAPKU70217
  • BBPCRM 714 | SAPK-71402INBBPCRM
  • BBPCRM 713 | SAPKU71312

Affected component

    CRM-BF-CFG
    Product Configuration

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2271018

TAGS

#Authorization
#authorization-check
#PME
#configuration-knowledgebase
