
Unauthorized usage of ME_SWP services, SAP security note 1531512

Description

A malicious user can trigger functionality in the Supplier Workplace services without authentication or authorization, and can thereby perform actions for which they have no authorization.
The following services can be affected and have now been protected:

ME_SWP_ALERT
ME_SWP_SRI
ME_SWP_IV
ME_SWP_PDI
ME_SWP_PH
ME_SWP_CO
ME_SWP
ME_SWP_GUI

Available fix and Supported packages

Releases (software component | from | to):

  • SAP_APPL | 500 | 500
  • SAP_APPL | 600 | 600
  • SAP_APPL | 602 | 602
  • SAP_APPL | 603 | 603
  • SAP_APPL | 604 | 604
  • SAP_APPL | 605 | 605

Support packages (software component version | support package):

  • SAP_APPL 600 | SAPKH60019
  • SAP_APPL 602 | SAPKH60209
  • SAP_APPL 603 | SAPKH60308
  • SAP_APPL 604 | SAPKH60409
  • SAP_APPL 605 | SAPKH60504
  • SAP_APPL 500 | SAPKH50025

Affected component

    IS-A-SWP
    Supplier Workplace

CVSS

Score: 0

Exploit

Detailed vulnerability information has been added to the RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1531512

TAGS

#Cross-Site-Request-Forgery
#XSRF
#ITS
#SWP-services
#ME_SWP
