Potential remote code execution in RFC lib, SAP security note 1481924

Description

This security note has been updated. For more detailed information, see Security Note 1523254.

A malicious user can exploit a memory corruption in the RFC library and take complete control of the product, including viewing, changing, or deleting data.

Available fix and Supported packages

SAP RFCSDK | 6.40 | 6.40
SAP RFCSDK | 7.00 | 7.00
SAP RFCSDK | 7.10 | 7.10
SAP RFCSDK | 7.11 | 7.11
SAP RFCSDK | 7.20 | 7.20
SAP_BASIS | 46A | 46D
SAP_BASIS | 610 | 640
SAP_BASIS | 700 | 702
SAP_BASIS | 710 | 720
SAP_BASIS | 72L | 72L
SAP RFCSDU | 6.40 | 6.40
SAP RFCSDU | 7.00 | 7.00
SAP RFCSDU | 7.10 | 7.10
SAP RFCSDU | 7.11 | 7.11
SAP RFCSDU | 7.20 | 7.20

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1481924

TAGS

#

More to explorer

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

October 22, 2024

Recently, SAP released a security update for SAP NetWeaver AS for ABAP and ABAP Platform, addressing multiple vulnerabilities related to cross-site scripting

[PoC] SAP Note 3433192 – Code Injection vulnerability in SAP NetWeaver AS Java

October 17, 2024

Overview Recently, SAP released Security Note 3433192, which addresses a critical code injection vulnerability (CVE-2024-22127) within the SAP NetWeaver AS Java Administrator

CVE-2024-37180 – Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

October 8, 2024

Release Date: October 8, 2024SAP Security Note: 3454858Component: SAP NetWeaver Application Server for ABAP and ABAP PlatformPriority: MediumCategory: Information DisclosureCVE Identifier: CVE-2024-37180

CVE-2024-47594 – Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal (KMC)