Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Possible change/disclosure of persisted data in EH&S, SAP security note 1810405

Description

An attacker can exploit EHS and use specially crafted inputs to
modify database commands, resulting in the modification or display
of data persisted by the system.

Available fix and Supported packages

  • SAP_APPL | 46C | 46C
  • SAP_APPL | 470 | 470
  • SAP_APPL | 500 | 500
  • SAP_APPL | 600 | 600
  • SAP_APPL | 602 | 602
  • SAP_APPL | 603 | 603
  • SAP_APPL | 604 | 604
  • SAP_APPL | 605 | 605
  • SAP_APPL | 606 | 606
  • SAP_APPL | 616 | 616
  • EA-APPL | 110 | 110
  • EA-APPL | 200 | 200
  • EA-APPL | 500 | 500
  • EA-APPL | 600 | 600
  • EA-APPL | 602 | 602
  • EA-APPL | 603 | 603
  • EA-APPL | 604 | 604
  • EA-APPL | 605 | 605
  • EA-APPL | 606 | 606
  • EA-APPL | 616 | 616
  • EHS | 0207B0406C | 0207B0406C
  • SAP_APPL 603 | SAPKH60312 |
  • SAP_APPL 604 | SAPKH60413 |
  • SAP_APPL 605 | SAPKH60510 |
  • SAP_APPL 470 | SAPKH47040 |
  • SAP_APPL 500 | SAPKH50029 |
  • SAP_APPL 606 | SAPKH60607 |
  • SAP_APPL 616 | SAPKH61602 |
  • SAP_APPL 600 | SAPKH60024 |
  • SAP_APPL 602 | SAPKH60214 |
  • EA-APPL 110 | SAPKGPAA36 |
  • EA-APPL 200 | SAPKGPAB25 |
  • EA-APPL 500 | SAPKGPAC29 |
  • EA-APPL 600 | SAPKGPAD24 |
  • EA-APPL 602 | SAPK-60214INEAAPPL |
  • EA-APPL 603 | SAPK-60313INEAAPPL |
  • EA-APPL 604 | SAPK-60414INEAAPPL |
  • EA-APPL 605 | SAPK-60511INEAAPPL |
  • EA-APPL 606 | SAPK-60608INEAAPPL |
  • EA-APPL 616 | SAPK-61603INEAAPPL |

Affected component

    EHS-SAF
    Product Safety

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1810405

TAGS

#EHS31SP36PSEHS32SP25PSEHS2004SP29PSEHS2005SP24PSEHS62SP14PSEHS63SP13PSEHS64SP14PSEHS65SP11PSEHS66SP08PSEHS616SP03PSSQL-injection
#database
#EH&amp-S

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.