Description
UPDATE 9th July 2019: This note has been re-released with updated ‘Correction instruction’ information and also added CVSS details.
SRM-SUS and SRM-EBP-SHP can be abused by a malicious user, allowing them to modify displayed application content without authorization, and to potentially obtain authentification information from other legitimate users.
Available fix and Supported packages
- BBPCRM | 500 | 500
- BBPCRM | 520 | 520
- BBPCRM | 600 | 600
- BBPCRM | 700 | 700
- BBPCRM | 701 | 701
- BBPCRM | 702 | 702
- BBPCRM | 712 | 712
- BBPCRM 520 | SAPKU52011 |
- BBPCRM 700 | SAPKU70011 |
- BBPCRM 702 | SAPKU70202 |
- BBPCRM 701 | SAPKU70108 |
- BBPCRM 500 | SAPKU50021 |
- BBPCRM 600 | SAPKU60012 |
- BBPCRM 712 | 712 |
Affected component
- SRM-SUS
Supplier Self-Services
CVSS
Score: 4.7
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1661568