Security problem with user parameter ‘ -TV’, SAP security note 574214

Description

By entering the ‘-TV’ user parameter with transaction SU01, SU3 or one of the BAPIs belonging to the USER BOR object into a user master record, the behavior of the transaction start authorization check is changed.
This represents a security problem.

Available fix and Supported packages

SAP_APPL | 45B | 45B
SAP_BASIS | 46B | 46D
SAP_BASIS | 610 | 620
SAP_APPL 45B | SAPKH45B59 |
SAP_BASIS 46C | SAPKB46C40 |
SAP_BASIS 46D | SAPKB46D29 |
SAP_BASIS 610 | SAPKB61028 |
SAP_BASIS 46B | SAPKB46B49 |
SAP_BASIS 620 | SAPKB62016 |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/574214

Vahagn Vardanian

Security problem with user parameter ‘ -TV’, SAP security note 574214

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Vahagn Vardanian

Security problem with user parameter ‘ -TV’, SAP security note 574214

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Special offer for SAP Security Udemy course!

$ 9.99