Description
When CRM Transaction launcher is used to launch the backend applications, the backend applications could be abused by a malicious user, who could modify application content, persist the modified content without authorization, and potentially obtain authentication information from other legitimate users.
Available fix and Supported packages
- SAP_ABA | 700 | 700
- CRMUIF | 600 | 600
- PI | 2004_1_470 | 2004_1_500
- WEBCUIF | 700 | 700
- WEBCUIF | 701 | 701
- WEBCUIF | 731 | 731
- WEBCUIF | 730 | 730
- WEBCUIF | 746 | 746
- SAP_ABA 700 | SAPKA70027 |
- CRMUIF 600 | SAPK-60015INCRMUIF |
- PI 2004_1_470 | SAPKIPZI5J |
- PI 2004_1_500 | SAPKIPZI6L |
- WEBCUIF 731 | SAPK-73103INWEBCUIF |
- WEBCUIF 700 | SAPK-70012INWEBCUIF |
- WEBCUIF 701 | SAPK-70109INWEBCUIF |
- WEBCUIF 730 | SAPK-73004INWEBCUIF |
- WEBCUIF 731 | SAPK-73104INWEBCUIF |
- WEBCUIF 746 | 746 |
Affected component
- CA-WUI-APF
Application Frame
CVSS
Score: 0
Exploit
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1674616
