Potential unauthorized reading of text tables, SAP security note 1462366

Description

Program FINB_TR_DISPLAY_TEXT misses any authorization check.
Due to this fact, anyone can read text tables for all applications maintained in the table for Finbasis TR Applications.

Available fix and Supported packages

FINBASIS | 300 | 300
FINBASIS | 600 | 600
FINBASIS | 700 | 700
FINBASIS | 602 | 602
FINBASIS | 603 | 603
FINBASIS | 604 | 604
FINBASIS | 605 | 605
FINBASIS 600 | SAPK-60018INFINBASIS |
FINBASIS 602 | SAPK-60208INFINBASIS |
FINBASIS 603 | SAPK-60307INFINBASIS |
FINBASIS 605 | SAPK-60502INFINBASIS |
FINBASIS 300 | SAPK-30026INFINBASIS |
FINBASIS 604 | SAPK-60408INFINBASIS |
FINBASIS 700 | SAPK-70013INFINBASIS |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1462366

Vahagn Vardanian

Potential unauthorized reading of text tables, SAP security note 1462366

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#FINB_TR_DISPLAY_TEXT-authorization

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Vahagn Vardanian

Potential unauthorized reading of text tables, SAP security note 1462366

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#FINB_TR_DISPLAY_TEXT-authorization

More to explorer

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

Special offer for SAP Security Udemy course!

$ 9.99