Description
A malicious user can exploit in function modules of the iPPE and use specially crafted inputs to modify data-base commands, resulting in the retrieval of additional information persisted by the system.
Available fix and Supported packages
- EA-IPPE | 200 | 200
- EA-IPPE | 300 | 300
- EA-IPPE | 400 | 400
- EA-IPPE | 404 | 404
- EA-IPPE | 405 | 405
- EA-IPPE | 406 | 406
- EA-IPPE | 616 | 616
- EA-IPPE | 617 | 617
- EA-IPPE | 618 | 618
- EA-IPPE 400 | SAPKGPID18 |
- EA-IPPE 406 | 406 |
- EA-IPPE 405 | SAPK-40502INEAIPPE |
- EA-IPPE 200 | SAPKGPIB30 |
- EA-IPPE 300 | SAPKGPIC22 |
- EA-IPPE 404 | SAPK-40408INEAIPPE |
- EA-IPPE 616 | 616 |
- EA-IPPE 617 | 617 |
- EA-IPPE 618 | 618 |
Affected component
- AP-PPE
Integrated Product and Process Engineering
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1487973