Skip links
RedRays - Your SAP Security Solution
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

SAP Netweaver Business Client does not show warning dialog for specific invalid server certificates, SAP security note 2753595

Description

SAP Business Client does not show a warning, when web pages are using specific invalid HTTPS server certificates.

Some well-known impacts of missing certificate warnings are –

  • the security credentials the server presented could have been forged and this could go unnoticed by the end user
  • confidentiality of sensitive information entered in a web page could be compromised 

Available fix and Supported packages

  • BC-WD-CLT-BUS | 6.5 | 6.5
  • BC-WD-CLT-BUS | 7.0 | 7.0
  • SAP BUSINESS CLIENT 6.5 | SP015 | 000015
  • SAP BUSINESS CLIENT 7.0 | SP002 | 000002

Affected component

    BC-FES-BUS-DSK
    SAP Business Client for Desktop

CVSS

Score: 3.4
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2753595

TAGS

#SAP-Business-Client–SAP-NetWeaver-Business-Client–NWBC–SAP-BC–Server-Certificate–X.509

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN