Description
UPDATE 13th October 2020: This note has been re-released with updated ‘Correction instruction’ information. We added the prerequisite notes 2304952, 2311994 in the correction instruction.
S_RFC authorization checks are not sufficient to ensure secure execution of RFC function modules covered by this SAP Note. New switchable authorization checks have been implemented for RFC function modules in FI-CAX-FS.
Available fix and Supported packages
- FI-CAX | 602 | 602
- FI-CAX | 603 | 603
- FI-CAX | 604 | 604
- FI-CAX | 605 | 605
- FI-CAX | 606 | 606
- FI-CAX | 616 | 616
- FI-CAX | 617 | 617
- FI-CAX | 618 | 618
- FI-CAX | 800 | 800
- FI-CAX | 801 | 801
- FI-CAX | 619 | 619
- FI-CAX | 802 | 802
- FI-CAX 602 | SAPK-60220INFICAX |
- FI-CAX 603 | SAPK-60319INFICAX |
- FI-CAX 604 | SAPK-60420INFICAX |
- FI-CAX 605 | SAPK-60517INFICAX |
- FI-CAX 606 | SAPK-60620INFICAX |
- FI-CAX 616 | SAPK-61612INFICAX |
- FI-CAX 617 | SAPK-61715INFICAX |
- FI-CAX 802 | SAPK-80201INFICAX |
- FI-CAX 618 | SAPK-61809INFICAX |
- FI-CAX 800 | SAPK-80006INFICAX |
- FI-CAX 801 | SAPK-80104INFICAX |
- FI-CAX 606 | SAPK-60621INFICAX |
Affected component
- FI-CAX-FS
Integration Banking Services
CVSS
Score: 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2531082
