By entering the ‘-TV’ user parameter with transaction SU01, SU3 or one of the BAPIs belonging to the USER BOR object into a user master record, the behavior of the transaction start authorization check is changed.
This represents a security problem.
Available fix and Supported packages
- SAP_APPL | 45B | 45B
- SAP_BASIS | 46B | 46D
- SAP_BASIS | 610 | 620
- SAP_APPL 45B | SAPKH45B59 |
- SAP_BASIS 46C | SAPKB46C40 |
- SAP_BASIS 46D | SAPKB46D29 |
- SAP_BASIS 610 | SAPKB61028 |
- SAP_BASIS 46B | SAPKB46B49 |
- SAP_BASIS 620 | SAPKB62016 |
Security – Read KBA 2985997 for subcomponents
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.