Description
The following 3 issues are possible:
1. The SAP Retail Store can be abused by a malicious user allowing them to modify displayed application content without authorization and to potentially obtain authentication information from other legitimate users.
2. The SAP Retail Store can be abused by a malicious user allowing them to modify application content, and persist the modified content without authorization and to potentially obtain authentication information from other legitimate users.
3. A malicious user can trigger functionality in SAP Retail Store without authentication and authorization.
Available fix and Supported packages
- EA-RETAIL | 500 | 500
- EA-RETAIL | 600 | 600
- EA-RETAIL | 602 | 602
- EA-RETAIL | 603 | 603
- EA-RETAIL | 604 | 604
- EA-RETAIL | 605 | 605
- EA-RETAIL 600 | SAPKGPRD19 |
- EA-RETAIL 602 | SAPK-60209INEARETAIL |
- EA-RETAIL 603 | SAPK-60308INEARETAIL |
- EA-RETAIL 604 | SAPK-60409INEARETAIL |
- EA-RETAIL 605 | SAPK-60503INEARETAIL |
- EA-RETAIL 500 | SAPKGPRC25 |
Affected component
- LO-SRS
SAP Retail Store
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1437902
