Description
The registration of Potential Supplier in SRM ROS (Registration of Supplier) application could be abused by a malicious user, who could modify displayed application content and cause long application running time by forcing the loops based on user input (f.e. processings of attachment file name or list of purchasing categories) into an extreme number of iterations.
Available fix and Supported packages
- SRM_SERVER | 500 | 500
- SRM_SERVER | 550 | 550
- SRM_SERVER | 600 | 600
- SRM_SERVER | 700 | 700
- SRM_SERVER | 701 | 701
- SRM_SERVER 600 | SAPKIBKU06 |
- SRM_SERVER 701 | SAPK-70102INSRMSRV |
- SRM_SERVER 500 | SAPKIBKS17 |
- SRM_SERVER 700 | SAPKIBKV09 |
- SRM_SERVER 550 | SAPKIBKT18 |
Affected component
- SRM-ROS
Supplier Registration
CVSS
Score: 0
Exploit
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1489430
