Description
The Italian Agency Collection functionality in FS-CD can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users.
Important: This note is only relevant for customers who use FS-CD (software component INSURANCE) and (!) the Italian agency collection functionality (BSP application ITAGCY, activation using transaction ITAGCYCUST -> “Basic Settings -> Basic settings for agency collections”). Other customers are not affected and do not have to implement this note.
Available fix and Supported packages
- INSURANCE | 472 | 472
- INSURANCE | 600 | 600
- INSURANCE | 602 | 602
- INSURANCE | 603 | 603
- INSURANCE | 604 | 604
- INSURANCE | 605 | 605
- INSURANCE | 606 | 606
- INSURANCE | 616 | 616
- INSURANCE 472 | SAPKIPIN22 |
- INSURANCE 600 | SAPK-60021ININSURANC |
- INSURANCE 602 | SAPK-60211ININSURANC |
- INSURANCE 603 | SAPK-60310ININSURANC |
- INSURANCE 604 | SAPK-60411ININSURANC |
- INSURANCE 605 | SAPK-60507ININSURANC |
- INSURANCE 606 | SAPK-60602ININSURANC |
- INSURANCE 616 | 616 |
Affected component
- FS-CD
Collections and Disbursements
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1644876
