Potential disclosure of data in Direct Store Delivery, SAP security note 1489660

Description

In transaction SE37, a malicious user can use a function module from Direct Store Delivery to trigger the disclosure of additional data by using specially crafted inputs.

Available fix and Supported packages

EA-APPL | 200 | 200
EA-APPL | 500 | 500
EA-APPL | 600 | 600
EA-APPL | 602 | 602
EA-APPL | 603 | 603
EA-APPL | 604 | 604
EA-APPL | 605 | 605
EA-APPL 600 | SAPKGPAD18 |
EA-APPL 602 | SAPK-60208INEAAPPL |
EA-APPL 603 | SAPK-60307INEAAPPL |
EA-APPL 605 | SAPK-60502INEAAPPL |
EA-APPL 200 | SAPKGPAB20 |
EA-APPL 500 | SAPKGPAC24 |
EA-APPL 604 | SAPK-60408INEAAPPL |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1489660

Vahagn Vardanian

Potential disclosure of data in Direct Store Delivery, SAP security note 1489660

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection–database–Direct-Store-Delivery–DSD–connector

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Vahagn Vardanian

Potential disclosure of data in Direct Store Delivery, SAP security note 1489660

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection–database–Direct-Store-Delivery–DSD–connector

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Special offer for SAP Security Udemy course!

$ 9.99