Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Potential information disclosure relating to WEC-APP-PAY, SAP security note 1849892

Description

An attacker can discover information relating to WEC-APP-PAY. This information could be used to allow the attacker to specialize their attacks against WEC-APP-PAY.

Available fix and Supported packages

  • SAP-WEC-FRW | 1.0 | 1.0
  • SAP-WEC-FRW | 2.0 | 2.0
  • SAP-WEC-FRW | 3.0 | 3.0
  • SAP-WEC | 1.0 | 1.0
  • SAP-WEC | 2.0 | 2.0
  • SAP-WEC | 3.0 | 3.0
  • WEB CHANNEL 1.0 | SP001 | 000026
  • WEB CHANNEL 2.0 | SP000 | 000028
  • WEB CHANNEL 3.0 | SP000 | 000016
  • WEB CHANNEL FRAMEWORK 1.0 | SP001 | 000026
  • WEB CHANNEL FRAMEWORK 2.0 | SP000 | 000028
  • WEB CHANNEL FRAMEWORK 3.0 | SP000 | 000016

Affected component

    WEC-APP-PAY
    Web Channel: Basic Functions – Payment Method

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1849892

TAGS

#Disclosure&160-CVV-in-session-tracing
#&160-&160-single-session-logging
#WCEM
#Web-Channel-Experience-Management
#Credit-Cards
#Payment
#Order
#My-Profile.Information-disclosure
#WEC-APP-PAY

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.