Description
This security note has been updated. For details, see security notes 1696267 and 1728256.
A malicious user can use the XML Data Archiving Service (XML DAS) and make entries to change database commands. This results in either the retrieval of additional information, or the modification of data persisted by the system.
Available fix and Supported packages
- SAP-JEE | 6.40 | 6.40
- SAP_JTECHS | 7.00 | 7.02
- J2EE-APPS | 7.10 | 7.11
- J2EE ENGINE APPLICATIONS 7.10 | SP009 | 000003
- J2EE ENGINE APPLICATIONS 7.10 | SP010 | 000006
- J2EE ENGINE APPLICATIONS 7.10 | SP011 | 000003
- J2EE ENGINE APPLICATIONS 7.10 | SP012 | 000002
- J2EE ENGINE APPLICATIONS 7.11 | SP004 | 000014
- J2EE ENGINE APPLICATIONS 7.11 | SP005 | 000014
- J2EE ENGINE APPLICATIONS 7.11 | SP006 | 000008
- J2EE ENGINE APPLICATIONS 7.11 | SP007 | 000007
- SAP J2EE ENGINE 6.40 | SP025 | 000025
- SAP J2EE ENGINE 6.40 | SP026 | 000026
- SAP J2EE ENGINE 6.40 | SP027 | 000027
- SAP J2EE ENGINE 6.40 | SP028 | 000028
- SAP JAVA TECH SERVICES 7.00 | SP021 | 000030
- SAP JAVA TECH SERVICES 7.00 | SP022 | 000022
- SAP JAVA TECH SERVICES 7.00 | SP023 | 000023
- SAP JAVA TECH SERVICES 7.00 | SP024 | 000024
- SAP JAVA TECH SERVICES 7.01 | SP006 | 000027
- SAP JAVA TECH SERVICES 7.01 | SP007 | 000016
- SAP JAVA TECH SERVICES 7.01 | SP008 | 000010
- SAP JAVA TECH SERVICES 7.01 | SP009 | 000009
Affected component
- BC-ILM-DAS
XML Data Archiving Service
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1594984
