Description
This security note has been updated. For more detailed information, see Security Note 1653065.
The ERMS E-mail Workbench and the Agent Inbox E-Mail Editor can be abused by a malicious user allowing them to modify application content, and persist the modified content without authorization and to potentially obtain authentication information from other legitimate users.
Available fix and Supported packages
- BBPCRM | 500 | 500
- BBPCRM | 520 | 520
- BBPCRM | 600 | 600
- BBPCRM | 700 | 700
- BBPCRM | 701 | 701
- WEBCUIF | 701 | 701
- CRMIS | 400 | 400
- BBPCRM 701 | SAPKU70102 |
- BBPCRM 500 | SAPKU50018 |
- BBPCRM 520 | SAPKU52011 |
- BBPCRM 600 | SAPKU60009 |
- BBPCRM 700 | SAPKU70009 |
- BBPCRM 701 | SAPKU70103 |
- WEBCUIF 701 | SAPK-70103INWEBCUIF |
- CRMIS 400 | SAPK-40013INCRMIS |
Affected component
- CRM-IC-EMS-MON
Monitoring
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1497951