Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Searching for passwords is possible in Exchange Profile UI, SAP security note 1519608

Description

In the Exchange Profile UI, a user can guess/search for passwords by typing the password in the search field.

Available fix and Supported packages

  • SAP_XIESR | 7.10 | 7.11
  • ESR 7.10 | SP007 | 000038
  • ESR 7.10 | SP008 | 000021
  • ESR 7.10 | SP009 | 000027
  • ESR 7.10 | SP010 | 000020
  • ESR 7.10 | SP011 | 000020
  • ESR 7.10 | SP012 | 000000
  • ESR 7.11 | SP003 | 000022
  • ESR 7.11 | SP004 | 000020
  • ESR 7.11 | SP005 | 000030
  • ESR 7.11 | SP006 | 000001
  • ESR 7.11 | SP007 | 000000

Affected component

    BC-XI-IBC
    Integration Builder – Configuration

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1519608

TAGS

#Information-Disclosure
#XI(Exchange-Infrastructure)
#ExchangeProfile
#ESR-password
#Integration-Builder-Tools-password
#PI-passwords.

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer