Description
UPDATE 14th July 2020 : This note has been re-released with the updated ‘Correction instruction’ information.
UPDATE 23rd July 2019: This note has been re-released with updated ‘Correction instruction’ information for the release 710. Also CVSS details were added.
SAP Internet Communication Framework fails for public services to validate access control list (ACL) information of table HTTP_WHITELIST and to logout user correctly.
Available fix and Supported packages
- SAP_BASIS | 700 | 702
- SAP_BASIS | 710 | 711
- SAP_BASIS | 730 | 730
- SAP_BASIS | 731 | 731
- SAP_BASIS | 740 | 740
- SAP_BASIS 710 | SAPKB71020 |
- SAP_BASIS 711 | SAPKB71115 |
- SAP_BASIS 700 | SAPKB70033 |
- SAP_BASIS 701 | SAPKB70118 |
- SAP_BASIS 702 | SAPKB70218 |
- SAP_BASIS 730 | SAPKB73014 |
- SAP_BASIS 731 | SAPKB73117 |
- SAP_BASIS 740 | SAPKB74013 |
Affected component
- BC-MID-ICF
Internet Communication Framework
CVSS
Score: 5.0
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2189853