Skip links

Tomcat on MSA accessible from the network, SAP security note 1525994


The Apache Tomcat server delivered with SAP CRM Mobile Sales, which is required by the IPC (Internet Pricing & Configuration) user interface is accessible from the network. It could be abused by a malicious user on the network to read and modify data.

Available fix and Supported packages

  • APACHETOMCAT | 6.0 | 6.0
  • APACHETOMCAT | 5.5 | 5.5

Affected component

    Use CRM-MSA(IPC Configuration)


Score: 0


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.




How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies

SAP Security Patch Day RedRays

May 2024 SAP Security Patch Day

Vulnerability: Multiple vulnerabilities in SAP CX Commerce SAP Component: CEC-SCC-PLA-PL CVE ID: CVE-2019-17495 CVSS Score: 9.8 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Category: Program error