Description
An attacker can exploit EHS and use specially crafted inputs to
modify database commands, resulting in the modification or display
of data persisted by the system.
Available fix and Supported packages
- SAP_APPL | 46C | 46C
- SAP_APPL | 470 | 470
- SAP_APPL | 500 | 500
- SAP_APPL | 600 | 600
- SAP_APPL | 602 | 602
- SAP_APPL | 603 | 603
- SAP_APPL | 604 | 604
- SAP_APPL | 605 | 605
- SAP_APPL | 606 | 606
- SAP_APPL | 616 | 616
- EA-APPL | 110 | 110
- EA-APPL | 200 | 200
- EA-APPL | 500 | 500
- EA-APPL | 600 | 600
- EA-APPL | 602 | 602
- EA-APPL | 603 | 603
- EA-APPL | 604 | 604
- EA-APPL | 605 | 605
- EA-APPL | 606 | 606
- EA-APPL | 616 | 616
- EHS | 0207B0406C | 0207B0406C
- SAP_APPL 603 | SAPKH60312 |
- SAP_APPL 604 | SAPKH60413 |
- SAP_APPL 605 | SAPKH60510 |
- SAP_APPL 470 | SAPKH47040 |
- SAP_APPL 500 | SAPKH50029 |
- SAP_APPL 606 | SAPKH60607 |
- SAP_APPL 616 | SAPKH61602 |
- SAP_APPL 600 | SAPKH60024 |
- SAP_APPL 602 | SAPKH60214 |
- EA-APPL 110 | SAPKGPAA36 |
- EA-APPL 200 | SAPKGPAB25 |
- EA-APPL 500 | SAPKGPAC29 |
- EA-APPL 600 | SAPKGPAD24 |
- EA-APPL 602 | SAPK-60214INEAAPPL |
- EA-APPL 603 | SAPK-60313INEAAPPL |
- EA-APPL 604 | SAPK-60414INEAAPPL |
- EA-APPL 605 | SAPK-60511INEAAPPL |
- EA-APPL 606 | SAPK-60608INEAAPPL |
- EA-APPL 616 | SAPK-61603INEAAPPL |
Affected component
- EHS-SAF
Product Safety
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1810405
