Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Unauthorized change of contents displayed in agency collctns, SAP security note 1676678

Description

The function of Italian agency collections in FS-CD can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.

Important: This SAP Note is only relevant for customers who use FS-CD (software component INSURANCE) and (!) the Italian agency collections function (BSP application ITAGCY, activation using transaction ITAGCYCUST -> “Basic Settings -> Basic settings for agency collections”) verwenden. Other customers are not affected and do not have to implement this SAP Note.

Available fix and Supported packages

  • INSURANCE | 600 | 600
  • INSURANCE | 602 | 602
  • INSURANCE | 603 | 603
  • INSURANCE | 604 | 604
  • INSURANCE | 605 | 605
  • INSURANCE | 606 | 606
  • INSURANCE | 616 | 616
  • INSURANCE 600 | SAPK-60021ININSURANC |
  • INSURANCE 602 | SAPK-60211ININSURANC |
  • INSURANCE 603 | SAPK-60310ININSURANC |
  • INSURANCE 604 | SAPK-60411ININSURANC |
  • INSURANCE 605 | SAPK-60508ININSURANC |
  • INSURANCE 606 | SAPK-60603ININSURANC |
  • INSURANCE 616 | 616 |

Affected component

    FS-CD
    Collections and Disbursements

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1676678

TAGS

#Reflected-cross-site-scripting
#XSS
#agency-collections
#Italy

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,

Protect Your SAP with RedRays Security Platform

Explore the Power of Our Scanner with an Interactive Prototype Below