Potential disclosure of persisted data in XX-CSC-RU, SAP security note 1906841

Description

An attacker can exploit XX-CSC-RU and use specially crafted inputs
to modify database commands, resulting in the retrieval of additional
information persisted by the system.

Available fix and Supported packages

SAP_APPL | 600 | 600
SAP_APPL | 602 | 602
SAP_APPL | 603 | 603
SAP_APPL | 604 | 604
SAP_APPL | 605 | 605
SAP_APPL | 606 | 606
SAP_APPL | 616 | 616
SAP_FIN | 617 | 617
SAP_APPL 616 | SAPKH61604 |
SAP_APPL 600 | SAPKH60025 |
SAP_APPL 602 | SAPKH60215 |
SAP_APPL 603 | SAPKH60314 |
SAP_APPL 604 | SAPKH60415 |
SAP_APPL 605 | SAPKH60512 |
SAP_APPL 606 | SAPKH60610 |
SAP_FIN 617 | SAPK-61702INSAPFIN |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1906841

Vahagn Vardanian

Potential disclosure of persisted data in XX-CSC-RU, SAP security note 1906841

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection
#database

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Vahagn Vardanian

Potential disclosure of persisted data in XX-CSC-RU, SAP security note 1906841

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#SQL-injection#database

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Special offer for SAP Security Udemy course!

$ 9.99

#SQL-injection
#database