Vahagn Vardanian

Co-founder and CTO of RedRays

September 23, 2011
10:40 am

Update #1 for Security Note 1444282, SAP security note 1633982

Description

This is a supplementary SAP Note for Security Note 1444282. A new option for the value of the instance profile parameter gw/reg_no_conn_info has been added.

The priority of Security Note 1444282 was increased from “Low” to “Medium”.

A line of the file defined by gw/reginfo has the following options:

P|D TP= HOST= CANCEL= ACCESS= NO=

The ACCESS option in the file defined by gw/reginfo does not react correctly if the bit 1 is set in the parameter gw/reg_no_conn_info (see SAP Note 1298433).

Available fix and Supported packages

KRNL32NUC | 4.6DEXT | 4.6DEX2
KRNL32NUC | 6.40 | 6.40EX2
KRNL32NUC | 7.00 | 7.01
KRNL32NUC | 7.10 | 7.20
KRNL32NUC | 7.20EXT | 7.20EXT
KRNL32UC | 6.40 | 6.40EX2
KRNL32UC | 7.00 | 7.01
KRNL32UC | 7.10 | 7.20
KRNL32UC | 7.20EXT | 7.20EXT
KRNL64NUC | 4.6DEXT | 4.6DEX2
KRNL64NUC | 6.40 | 6.40EX2
KRNL64NUC | 7.00 | 7.01
KRNL64NUC | 7.10 | 7.20
KRNL64NUC | 7.20EXT | 7.20EXT
KRNL64UC | 6.40 | 6.40EX2
KRNL64UC | 7.00 | 7.01
KRNL64UC | 7.10 | 7.20
KRNL64UC | 7.20EXT | 7.20EXT
KERNEL | 4.6D | 4.6D
KERNEL | 6.40 | 6.40
SAP KERNEL 4.6D_EX2 32-BIT | SP605 | 002605
SAP KERNEL 6.40 64-BIT | SP388 | 000388
SAP KERNEL 6.40 64-BIT UNICODE | SP388 | 000388
SAP KERNEL 7.00 32-BIT UNICODE | SP323 | 000323
SAP KERNEL 7.01 32-BIT | SP164 | 000164
SAP KERNEL 7.01 32-BIT UNICODE | SP164 | 000164
SAP KERNEL 7.01 64-BIT | SP164 | 000164
SAP KERNEL 7.01 64-BIT UNICODE | SP164 | 000164
SAP KERNEL 7.10 32-BIT | SP259 | 000259
SAP KERNEL 7.10 32-BIT UNICODE | SP259 | 000259
SAP KERNEL 7.10 64-BIT | SP259 | 000259
SAP KERNEL 7.10 64-BIT UNICODE | SP259 | 000259
SAP KERNEL 7.11 32-BIT | SP146 | 000146
SAP KERNEL 7.11 32-BIT UNICODE | SP146 | 000146
SAP KERNEL 7.11 64-BIT | SP146 | 000146
SAP KERNEL 7.11 64-BIT UNICODE | SP146 | 000146
SAP KERNEL 7.20 32-BIT | SP108 | 000108
SAP KERNEL 7.20 32-BIT UNICODE | SP108 | 000108
SAP KERNEL 7.20 64-BIT | SP108 | 000108
SAP KERNEL 7.20 64-BIT UNICODE | SP108 | 000108

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1633982

TAGS

#reginfo-reg_info-gw/reginfo-gw/reg_no_conn_info
#ACCESS-update
#update
#note
#security
#gwrd-reg_no_conn_info
#IP
#connect
#accpt
#start

More to explorer

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

October 22, 2024

Recently, SAP released a security update for SAP NetWeaver AS for ABAP and ABAP Platform, addressing multiple vulnerabilities related to cross-site scripting

[PoC] SAP Note 3433192 – Code Injection vulnerability in SAP NetWeaver AS Java

October 17, 2024

Overview Recently, SAP released Security Note 3433192, which addresses a critical code injection vulnerability (CVE-2024-22127) within the SAP NetWeaver AS Java Administrator

CVE-2024-37180 – Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

October 8, 2024

Release Date: October 8, 2024SAP Security Note: 3454858Component: SAP NetWeaver Application Server for ABAP and ABAP PlatformPriority: MediumCategory: Information DisclosureCVE Identifier: CVE-2024-37180

CVE-2024-47594 – Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal (KMC)