Description
A malicious user can execute functions in CRM-IC-SEA without authentication and authorization.
Available fix and Supported packages
- SAP_ABA | 700 | 700
- CRMUIF | 520 | 520
- CRMUIF | 600 | 600
- WEBCUIF | 700 | 700
- WEBCUIF | 701 | 701
- WEBCUIF | 731 | 731
- WEBCUIF | 730 | 730
- WEBCUIF | 746 | 746
- SAP_ABA 700 | SAPKA70026 |
- CRMUIF 520 | SAPK-52013INCRMUIF |
- CRMUIF 600 | SAPK-60014INCRMUIF |
- WEBCUIF 731 | SAPK-73101INWEBCUIF |
- WEBCUIF 700 | SAPK-70011INWEBCUIF |
- WEBCUIF 701 | SAPK-70107INWEBCUIF |
- WEBCUIF 730 | SAPK-73003INWEBCUIF |
- WEBCUIF 731 | SAPK-73102INWEBCUIF |
- WEBCUIF 746 | 746 |
Affected component
- CA-GTF-IC-SCR
use CRM-IC-SCR(Scripting)
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1596226
