Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Security fixes for SRM DUET PUMA scenario, SAP security note 1426388

Description

As part of an original requirement for the DUET PUMA scenario, SRM provides a function module, which is called by the DUET server to retrieve budget information for a given shopping cart.  Based on an initial limitation for the DUET server, this function module had to provide importing parameters. However, this creates a security issue where a malicious user can abuse this parameter and see budget information for which he is not authorized.

Vulnerability Details:

The malicious user can call this function module and fill the parameter with a value, that gives him the authorization to see the budget information, although he does not have this authorization and should not be able to see this kind of information.

Affected Releases:
SAP SRM 5.0
SAP SRM 6.0
SAP SRM 7.0

Available fix and Supported packages

  • SRM_SERVER | 550 | 550
  • SRM_SERVER | 600 | 600
  • SRM_SERVER | 700 | 700
  • SRM_SERVER 600 | SAPKIBKU06 |
  • SRM_SERVER 550 | SAPKIBKT16 |
  • SRM_SERVER 700 | SAPKIBKV06 |

Affected component

    SRM-OSP
    SRM Duet / Office Applications

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1426388

TAGS

#SRM-OSP-SCA
#PUMA
#DUET

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.