Description
A malicious user can exploit CRMD_FM_ACL_SV and use specially crafted inputs to execute arbitrary database commands to remove data persisted by the system.
Available fix and Supported packages
- BBPCRM | 600 | 600
- BBPCRM | 700 | 700
- BBPCRM | 701 | 701
- BBPCRM 600 | SAPKU60008 |
- BBPCRM 701 | SAPKU70102 |
- BBPCRM 700 | SAPKU70008 |
Affected component
- CRM-FM-ACL
Accruals
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1482345