Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Unauthorized use of application functions in BW-BCT-CRM-RTOM, SAP security note 1624909

Description

A malicious user can execute functions in BW-BCT-CRM-RTOM without authentication and authorization.

Available fix and Supported packages

  • BI_CONT | 703 | 703
  • BI_CONT | 704 | 704
  • BI_CONT | 705 | 705
  • BI_CONT | 706 | 706
  • BI_CONT | 711 | 711
  • BI_CONT | 735 | 735
  • BI_CONT | 736 | 736
  • BI_CONT | 746 | 746
  • BI_CONT 736 | SAPK-73601INBICONT |
  • BI_CONT 746 | SAPK-74601INBICONT |
  • BI_CONT 706 | SAPK-70603INBICONT |
  • BI_CONT 705 | SAPK-70507INBICONT |
  • BI_CONT 735 | SAPK-73506INBICONT |

Affected component

    BW-BCT-CRM-RTOM
    BW only – CRM Real-time offer management reports

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1624909

TAGS

#Cross-site-request-forgery
#XSRF
#BW-BCT-CRM-RTOM

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer