Skip links

Protect access to PSE files by additional AUTHORITY-CHECK, SAP security note 1497104

Description

Insufficient authorization checks may allow ABAP programs to access PSE files.

Available fix and Supported packages

  • SAP_APPL | 40A | 40B
  • SAP_APPL | 45A | 45B
  • SAP_APPL | 46A | 46B
  • SAP_BASIS | 46A | 46D
  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 730
  • SAP_BASIS | 72L | 72L
  • SAP KERNEL 4.6D_EX2 32-BIT | SP2540 | 002540
  • SAP KERNEL 4.6D_EX2 64-BIT | SP2540 | 002540
  • SAP KERNEL 4.6D_EXT 32-BIT | SP2540 | 002540
  • SAP KERNEL 4.6D_EXT 64-BIT | SP2540 | 002540
  • SAP KERNEL 6.40 32-BIT | SP342 | 000342
  • SAP KERNEL 6.40 32-BIT UNICODE | SP342 | 000342
  • SAP KERNEL 6.40 64-BIT | SP342 | 000342
  • SAP KERNEL 6.40 64-BIT UNICODE | SP342 | 000342
  • SAP KERNEL 6.40_EX2 32-BIT | SP342 | 000342
  • SAP KERNEL 6.40_EX2 32-BIT UC | SP342 | 000342
  • SAP KERNEL 6.40_EX2 64-BIT | SP342 | 000342
  • SAP KERNEL 6.40_EX2 64-BIT UC | SP342 | 000342
  • SAP KERNEL 7.00 32-BIT | SP268 | 000268
  • SAP KERNEL 7.00 32-BIT UNICODE | SP268 | 000268
  • SAP KERNEL 7.00 64-BIT | SP268 | 000268
  • SAP KERNEL 7.00 64-BIT UNICODE | SP268 | 000268
  • SAP KERNEL 7.01 32-BIT | SP106 | 000106
  • SAP KERNEL 7.01 32-BIT UNICODE | SP106 | 000106
  • SAP KERNEL 7.01 64-BIT | SP106 | 000106
  • SAP KERNEL 7.01 64-BIT UNICODE | SP106 | 000106

Affected component

    BC-SEC-SSF
    Secure Store and Forward

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1497104

TAGS

#STRUST
#public-key
#PSE
#Personal-Security-Environment

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies

SAP Security Patch Day RedRays

May 2024 SAP Security Patch Day

Vulnerability: Multiple vulnerabilities in SAP CX Commerce SAP Component: CEC-SCC-PLA-PL CVE ID: CVE-2019-17495 CVSS Score: 9.8 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Category: Program error