Description
The Test Message tool in Runtime Workbench shows an SQL Exception when invalid input is used when saving a test message. A malicious user can use this to discover information relating to database data being used by PI. This information could be used to allow malicious users to specialize their attacks.
Available fix and Supported packages
- SAP_XITOOL | 7.10 | 7.11
- SAP_XITOOL | 7.30 | 7.30
- SAP_XITOOL | 7.31 | 7.31
- XI TOOLS 7.10 | SP008 | 000026
- XI TOOLS 7.10 | SP009 | 000022
- XI TOOLS 7.10 | SP010 | 000015
- XI TOOLS 7.10 | SP011 | 000012
- XI TOOLS 7.10 | SP013 | 000000
- XI TOOLS 7.11 | SP003 | 000026
- XI TOOLS 7.11 | SP004 | 000020
- XI TOOLS 7.11 | SP005 | 000008
- XI TOOLS 7.11 | SP006 | 000004
- XI TOOLS 7.11 | SP007 | 000000
- XI TOOLS 7.30 | SP001 | 000002
- XI TOOLS 7.30 | SP002 | 000001
- XI TOOLS 7.30 | SP003 | 000000
Affected component
- BC-XI-IS-WKB
Runtime Workbench / Monitoring
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1559700
