Description
An attacker can be authenticated to the IPC server used by SAP CRM Mobile Sales without having their own legitimate credentials, or they may escalate privileges.
Available fix and Supported packages
- SAP-IPCMSA | 5.0 | 5.0
- SAP-IPCMSA | 6.0 | 6.0
- SAP-IPCMSA | 700 | 700
- SAP-IPCMSA | 701 | 701
- CRM IPC MOBILE 6.0 | SP009 | 000001
- CRM IPC MOBILE 7.0 | SP010 | 000001
- CRM IPC MOBILE 7.01 | SP006 | 000000
- CRM IPC MOBILE 7.01 | SP007 | 000001
- CRM IPC MOBILE 7.02 | SP001 | 000002
- CRM IPC MOBILE 7.02 | SP003 | 000000
- CRM IPC MOBILE 7.30 | SP000 | 000004
- CRM IPC MOBILE 7.31 | SP000 | 000001
- CRM IPC MOBILE 7.32 | SP002 | 000001
- CRM JAVA APPLICATIONS 5.0 | SP019 | 000021
- SAP SHARED JAVA APPLIC. 5.0 | SP019 | 000021
Affected component
- CRM-IPC
Internet Pricing and Configurator
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1673533
