Possible disclosure of data in function grp BCA_API_CN_CTRL, SAP security note 1509064

Description

A malicious user can make specific entries in the function modules BCA_API_CHECK_TABLE_VAL_EXISTS, BCA_API_CN_CTRL_CHCKTAB_VAL_EX, BCA_API_CN_CTRL_CHCKTAB_VAL_GE and BCA_CHECK_TABLE_VALUE_EXISTS in the function group BCA_API_CN_CTRL to disclose additional data or to change data saved in the database.

Available fix and Supported packages

FSAPPL | 100 | 100
FSAPPL | 200 | 200
FSAPPL | 300 | 300
BANK-TRBK | 30 | 30
BANK-TRBK | 40 | 40
FSAPPL 100 | SAPKISC214 |
FSAPPL 200 | SAPKISC313 |
FSAPPL 300 | SAPK-30006INFSAPPL |
BANK-TRBK 30 | SAPKISCC12 |
BANK-TRBK 40 | SAPKISC109 |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1509064

Vahagn Vardanian

Possible disclosure of data in function grp BCA_API_CN_CTRL, SAP security note 1509064

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection
#database
#BCA_API_CHECK_TABLE_VAL_EXISTS
#BCA_API_CN_CTRL_CHCKTAB_VAL_EX
#BCA_API_CN_CTRL_CHCKTAB_VAL_GE
#BCA_CHECK_TABLE_VALUE_EXISTS
#BCA_API_CN_CTRL

Explore More

SAP Security Patch Day June 2026

RedRays ABAP Security Challenge 2026

SAP Security Patch Day – May 2026

SAP npm Packages Hijacked to Steal Cloud Credentials and Weaponize AI Coding Agents

Vahagn Vardanian

Possible disclosure of data in function grp BCA_API_CN_CTRL, SAP security note 1509064

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection#database#BCA_API_CHECK_TABLE_VAL_EXISTS#BCA_API_CN_CTRL_CHCKTAB_VAL_EX#BCA_API_CN_CTRL_CHCKTAB_VAL_GE#BCA_CHECK_TABLE_VALUE_EXISTS#BCA_API_CN_CTRL

Explore More

SAP Security Patch Day June 2026

RedRays ABAP Security Challenge 2026

SAP Security Patch Day – May 2026

SAP npm Packages Hijacked to Steal Cloud Credentials and Weaponize AI Coding Agents

#SQL-injection
#database
#BCA_API_CHECK_TABLE_VAL_EXISTS
#BCA_API_CN_CTRL_CHCKTAB_VAL_EX
#BCA_API_CN_CTRL_CHCKTAB_VAL_GE
#BCA_CHECK_TABLE_VALUE_EXISTS
#BCA_API_CN_CTRL