Skip links

PI SEC Security vulnerabilities found in Apache Commons Collections library used in Enterprise Services Repository, SAP security note 2246851

Description

Enterprise Services Repository (ESR) uses a version of Apache Commons Collections, for which security vulnerabilities have been detected.

Available fix and Supported packages

  • SAP_XIESR | 7.30 | 7.30
  • SAP_XIESR | 7.31 | 7.31
  • SAP_XIESR | 7.40 | 7.40
  • SAP_XIESR | 7.50 | 7.50
  • ESR 7.30 | SP011 | 000013
  • ESR 7.30 | SP012 | 000013
  • ESR 7.30 | SP013 | 000008
  • ESR 7.30 | SP014 | 000001
  • ESR 7.30 | SP015 | 000000
  • ESR 7.31 | SP014 | 000022
  • ESR 7.31 | SP015 | 000011
  • ESR 7.31 | SP016 | 000007
  • ESR 7.31 | SP017 | 000003
  • ESR 7.31 | SP018 | 000000
  • ESR 7.40 | SP009 | 000019
  • ESR 7.40 | SP010 | 000011
  • ESR 7.40 | SP011 | 000006
  • ESR 7.40 | SP012 | 000003
  • ESR 7.40 | SP013 | 000000
  • ESR 7.50 | SP000 | 000003
  • ESR 7.50 | SP001 | 000002
  • ESR 7.50 | SP002 | 000000
  • ESR 7.50 | SP003 | 000000

Affected component

    BC-XI-IBD
    Integration Builder – Design

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2246851

TAGS

#Process-Integration
#ESR
#OSS
#remote-code-injection
#denial-of-service
#java-serialization-vulnerability

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies