Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Possible execution of arbitrary commands in RFC SDK tools, SAP security note 1481923

Description

An attacker can exploit a memory corruption in the tools of the RFC SDK on the client to
change the program run so that arbitrary commands are executed.
   As a result, all data of this tool
can be seen, deleted or changed.

Available fix and Supported packages

  • SAP_BASIS | 46A | 46D
  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702

Affected component

    BC-MID-RFC
    RFC

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1481923

TAGS

#Buffer-overflow
#buffer-overrun
#remote-code-execution

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.