Description
An attacker can exploit SAP CPQ Solution Sales Configuration and use specially crafted inputs to modify database commands, resulting in the retrieval of additional information persisted by the system.
Available fix and Supported packages
- SLCC | 701 | 701
- SLCE | 605 | 605
- FBS_SOLCONF_IPC | 1.0 | 1.0
- FBS_SOLCONF_SHRAPP | 1.0 | 1.0
- FBS_SOLCONF_SHRWEB | 1.0 | 1.0
- FBS_SOLCONF_SHRJAV | 1.0 | 1.0
- FBS_SOLCONF_SAP-SHRJAV | 1.0 | 1.0
- FBS_SOLCONF_JDOC | 1.0 | 1.0
- SLCC 701 | SAPK-70106INSLCC |
- SLCE 605 | SAPK-60506INSLCE |
- FBS_SOLCONF_IPC 1.0 | SP005 | 000008
- FBS_SOLCONF_JDOC 1.0 | SP005 | 000008
- FBS_SOLCONF_SAP-SHRJAV 1.0 | SP005 | 000008
- FBS_SOLCONF_SHRAPP 1.0 | SP005 | 000008
- FBS_SOLCONF_SHRJAV 1.0 | SP005 | 000008
- FBS_SOLCONF_SHRWEB 1.0 | SP005 | 000008
Affected component
- LO-SLC
Solution Configuration
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2150625