Skip links
RedRays - Your SAP Security Solution
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

Unauthorized usage of application functionality agency coll., SAP security note 1509886

Description

A malicious user can trigger functionality in the italian agency collection functionality in FS-CD without authentication and authorization.

Important: This note is only relevant for customers who are using FS-CD (software component INSURANCE) and (!) the italian agency collection (BSP application ITAGCY activation via transaction ITAGCYCUST -> Basic Settings -> Basic settings for agency collections). All other customers are NOT affected and do not need to implement this note.

Available fix and Supported packages

  • INSURANCE | 472 | 472
  • INSURANCE | 600 | 600
  • INSURANCE | 602 | 602
  • INSURANCE | 603 | 603
  • INSURANCE | 604 | 604
  • INSURANCE | 605 | 605
  • INSURANCE 600 | SAPK-60019ININSURANC |
  • INSURANCE 602 | SAPK-60209ININSURANC |
  • INSURANCE 603 | SAPK-60308ININSURANC |
  • INSURANCE 604 | SAPK-60409ININSURANC |
  • INSURANCE 605 | SAPK-60503ININSURANC |
  • INSURANCE 605 | SAPK-60504ININSURANC |
  • INSURANCE 472 | SAPKIPIN21 |

Affected component

    FS-CD
    Collections and Disbursements

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1509886

TAGS

#Cross-Site-Request-Forgery
#XSRF
#BSP
#ITAGCY
#agency

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN