Description
A malicious user can discover information relating to user navigation history in CRM Web Channel B2B application. This information could be used to allow the malicious user to specialize their attacks against B2B web shop.
Available fix and Supported packages
- SAP-CRMJAV | 5.0 | 5.0
- SAP-CRMJAV | 6.0 | 6.0
- SAP-CRMJAV | 700 | 700
- SAP-CRMJAV | 701 | 701
- SAP-CRMJAV | 730 | 730
- SAP-CRMWEB | 5.0 | 5.0
- SAP-CRMWEB | 6.0 | 6.0
- SAP-CRMWEB | 700 | 700
- SAP-CRMWEB | 701 | 701
- SAP-CRMWEB | 730 | 730
- SAP-SHRWEB | 5.0 | 5.0
- SAP-SHRWEB | 6.0 | 6.0
- SAP-SHRWEB | 700 | 700
- SAP-SHRWEB | 701 | 701
- SAP-SHRWEB | 730 | 730
- SAP-SHRJAV | 5.0 | 5.0
- SAP-SHRJAV | 6.0 | 6.0
- SAP-SHRJAV | 700 | 700
- SAP-SHRJAV | 701 | 701
- SAP-SHRJAV | 730 | 730
- CRM JAVA APPLICATIONS 5.0 | SP019 | 000008
- CRM JAVA APPLICATIONS 6.0 | SP009 | 000004
- CRM JAVA APPLICATIONS 7.0 | SP010 | 000006
- CRM JAVA APPLICATIONS 7.01 | SP006 | 000004
- CRM JAVA APPLICATIONS 7.30 | SP000 | 000013
- CRM JAVA COMPONENTS 5.0 | SP019 | 000008
- CRM JAVA COMPONENTS 6.0 | SP009 | 000004
- CRM JAVA COMPONENTS 7.0 | SP010 | 000006
- CRM JAVA COMPONENTS 7.01 | SP006 | 000004
- CRM JAVA COMPONENTS 7.30 | SP000 | 000013
- CRM JAVA WEB COMPONENTS 5.0 | SP019 | 000008
- CRM JAVA WEB COMPONENTS 6.0 | SP009 | 000004
- CRM JAVA WEB COMPONENTS 7.0 | SP010 | 000006
- CRM JAVA WEB COMPONENTS 7.01 | SP006 | 000004
- CRM JAVA WEB COMPONENTS 7.30 | SP000 | 000013
- SAP SHARED JAVA APPLIC. 5.0 | SP019 | 000008
- SAP SHARED JAVA APPLIC. 6.0 | SP009 | 000004
- SAP SHARED JAVA APPLIC. 7.0 | SP010 | 000006
- SAP SHARED JAVA APPLIC. 7.01 | SP006 | 000004
- SAP SHARED JAVA APPLIC. 7.30 | SP000 | 000013
Affected component
- CRM-ISA-BBS
Business-to-Business Sales
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1617550
