Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

Unauthorized use of application functions in WEBCUIF, SAP security note 1772190

Description

An attacker can execute functions in WEBCUIF without authentication and authorization.

Available fix and Supported packages

  • CRMUIF | 600 | 600
  • WEBCUIF | 700 | 700
  • WEBCUIF | 701 | 701
  • WEBCUIF | 731 | 731
  • WEBCUIF | 730 | 730
  • WEBCUIF | 746 | 746
  • CRMUIF 600 | SAPK-60016INCRMUIF |
  • WEBCUIF 746 | SAPK-74601INWEBCUIF |
  • WEBCUIF 700 | SAPK-70013INWEBCUIF |
  • WEBCUIF 701 | SAPK-70110INWEBCUIF |
  • WEBCUIF 730 | SAPK-73005INWEBCUIF |
  • WEBCUIF 731 | SAPK-73106INWEBCUIF |

Affected component

    CA-WUI
    WebClient User Interface

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1772190

TAGS

#Cross-site-request-forgery
#XSRF
#WEBCUIF

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.