Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Update #1 to Security Note 1501646, SAP security note 1575499

Description

Long text and SP Patch level of note 1501646 were updated according to availability of XSRF protection in CRM 7.01.

The SP Patch Levels were increased for CRM 7.01 from SP3 Patch level 0 to SP3 Patch Level 3 for the following software components: CRM JAVA APPLICATIONS, CRM JAVA COMPONENTS, CRM JAVA WEB COMPONENTS, SAP SHARED JAVA APPLIC, SAP SHARED JAVA COMP and SAP SHARED WEB COMPONENTS.

Please note that XSRF protection is not available in CRM 7.01 SP1 and CRM 7.01 SP2, therefore, it is  recommended that you upgrade to at least SP3 if your CRM release is 7.01.

Available fix and Supported packages

  • SAP-CRMJAV | 701 | 701
  • SAP-CRMWEB | 701 | 701
  • SAP-SHRWEB | 701 | 701
  • SAP-SHRJAV | 701 | 701
  • SAP-CRMAPP | 701 | 701
  • SAP-SHRAPP | 701 | 701
  • CRM JAVA APPLICATIONS 7.01 | SP003 | 000003
  • CRM JAVA COMPONENTS 7.01 | SP003 | 000003
  • CRM JAVA WEB COMPONENTS 7.01 | SP003 | 000003
  • SAP SHARED JAVA APPLIC. 7.01 | SP003 | 000003
  • SAP SHARED JAVA COMP. 7.01 | SP003 | 000003
  • SAP SHARED WEB COMPONENTS 7.01 | SP003 | 000003

Affected component

    CRM-ISA
    Internet Sales

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1575499

TAGS

#Cross-site-request-forgery
#XSRF
#CSRF
#SAP-Internet-Sales
#ISA
#ISE
#ECO
#Web-Channel
#CRM
#E-Commerce
#ECommerce
#Update
#Update-Note

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,

Protect Your SAP with RedRays Security Platform

Explore the Power of Our Scanner with an Interactive Prototype Below