Skip links

Possible execution of arbitrary commands in RFC SDK tools, SAP security note 1481923

Description

An attacker can exploit a memory corruption in the tools of the RFC SDK on the client to
change the program run so that arbitrary commands are executed.
   As a result, all data of this tool
can be seen, deleted or changed.

Available fix and Supported packages

  • SAP_BASIS | 46A | 46D
  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702

Affected component

    BC-MID-RFC
    RFC

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1481923

TAGS

#Buffer-overflow
#buffer-overrun
#remote-code-execution

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies