Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Unauthorized change of displayed contents in IUBOTRCP, SAP security note 1484711

Description

By manipulating IUBOTRCP or IUOVA, an attacker can change displayed data of another user without authorization and may also be able to access his authorization data.

Available fix and Supported packages

  • BBPCRM | 600 | 600
  • BBPCRM | 700 | 700
  • BBPCRM | 701 | 701
  • BBPCRM 600 | SAPKU60008 |
  • BBPCRM 701 | SAPKU70102 |
  • BBPCRM 700 | SAPKU70008 |

Affected component

    CRM-IU-XC
    Cross Components

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1484711

TAGS

#Reflected-cross-site-scripting
#XSS

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.