Vahagn Vardanian

Co-founder and CTO of RedRays

Potential information disclosure relating to processes, SAP security note 1507266

Description

When working with Xcelsius dashboards that display BW data in the BEx runtime, exceptions can be raised. These exceptions were rendered as an HTML error page that included stack trace information and was presented to the user. Malicious users could have used this information to start specialised attacks.

Available fix and Supported packages

  • BI-BASE-E | 7.30 | 7.30
  • BI-BASE-B | 7.30 | 7.30
  • BI-BASE-S | 7.30 | 7.30
  • BIWEBAPP | 7.30 | 7.30
  • BI BASE EXPORT SERVICES 7.30 | SP005 | 000000
  • BI BASE FOUNDATION 7.30 | SP005 | 000000
  • BI BASE SERVICES 7.30 | SP005 | 000000
  • BI WEB APPLICATIONS 7.30 | SP005 | 000000

Affected component

    BW-BEX-ET
    Enduser Technology

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1507266

TAGS

#Information-disclosure
#BEx-Web
#Xcelsius-dashboard
