Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Potential change/disclosure of persisted data, SAP security note 1594984

Description

This security note has been updated. For details, see security notes 1696267 and 1728256.

A malicious user can use the XML Data Archiving Service (XML DAS) and make entries to change database commands. This results in either the retrieval of additional information, or the modification of data persisted by the system.

Available fix and Supported packages

  • SAP-JEE | 6.40 | 6.40
  • SAP_JTECHS | 7.00 | 7.02
  • J2EE-APPS | 7.10 | 7.11
  • J2EE ENGINE APPLICATIONS 7.10 | SP009 | 000003
  • J2EE ENGINE APPLICATIONS 7.10 | SP010 | 000006
  • J2EE ENGINE APPLICATIONS 7.10 | SP011 | 000003
  • J2EE ENGINE APPLICATIONS 7.10 | SP012 | 000002
  • J2EE ENGINE APPLICATIONS 7.11 | SP004 | 000014
  • J2EE ENGINE APPLICATIONS 7.11 | SP005 | 000014
  • J2EE ENGINE APPLICATIONS 7.11 | SP006 | 000008
  • J2EE ENGINE APPLICATIONS 7.11 | SP007 | 000007
  • SAP J2EE ENGINE 6.40 | SP025 | 000025
  • SAP J2EE ENGINE 6.40 | SP026 | 000026
  • SAP J2EE ENGINE 6.40 | SP027 | 000027
  • SAP J2EE ENGINE 6.40 | SP028 | 000028
  • SAP JAVA TECH SERVICES 7.00 | SP021 | 000030
  • SAP JAVA TECH SERVICES 7.00 | SP022 | 000022
  • SAP JAVA TECH SERVICES 7.00 | SP023 | 000023
  • SAP JAVA TECH SERVICES 7.00 | SP024 | 000024
  • SAP JAVA TECH SERVICES 7.01 | SP006 | 000027
  • SAP JAVA TECH SERVICES 7.01 | SP007 | 000016
  • SAP JAVA TECH SERVICES 7.01 | SP008 | 000010
  • SAP JAVA TECH SERVICES 7.01 | SP009 | 000009

Affected component

    BC-ILM-DAS
    XML Data Archiving Service

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1594984

TAGS

#SQL-injection
#database
#XML-Data-Archiving-Service
#XML-DAS

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,

Protect Your SAP with RedRays Security Platform

Explore the Power of Our Scanner with an Interactive Prototype Below