Skip links
RedRays - Your SAP Security Solution
RedRays SAP Security Team

RedRays SAP Security Team

🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Unauthorized modification of displayed content in WEBCUIF, SAP security note 1470998

Description

Some of the BSP pages in software components WEBCUIF and CRMUIF can be abused by a malicious user allowing them to modify displayed application content without authorization and potentially obtain authentication information from other legitimate users.

Available fix and Supported packages

  • CRMUIF | 510 | 510
  • CRMUIF | 520 | 520
  • CRMUIF | 600 | 600
  • WEBCUIF | 700 | 700
  • WEBCUIF | 701 | 701
  • WEBCUIF | 730 | 730
  • CRMUIF 510 | SAPK-51008INCRMUIF |
  • CRMUIF 520 | SAPK-52011INCRMUIF |
  • CRMUIF 600 | SAPK-60010INCRMUIF |
  • CRMUIF 600 | SAPK-60011INCRMUIF |
  • WEBCUIF 701 | SAPK-70102INWEBCUIF |
  • WEBCUIF 700 | SAPK-70008INWEBCUIF |
  • WEBCUIF 730 | 730 |

Affected component

    CA-WUI
    WebClient User Interface

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1470998

TAGS

#Reflected-Cross-Site-Scripting
#XSS
#WEBCUIF
#CRMUIF

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer