Update #1 to Security Note 1523808, SAP security note 1562119

Description

The correction instructions provided for the vulnerability (missing authorization checks in CATT / eCATT) addressed in Security Note 1523808 must be corrected for the following releases:
– SAP_BASIS 730
– SAP_BASIS 720
– SAP_BASIS 711
– SAP_BASIS 710
– SAP_BASIS 702
– SAP_BASIS 701
– SAP_BASIS 700
– SAP_BASIS 640
– SAP_BASIS 620

The corrected correction instructions have been added to this note.

Available fix and Supported packages

SAP_BASIS | 620 | 640
SAP_BASIS | 700 | 702
SAP_BASIS | 710 | 730

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1562119

TAGS

#Authorization
#authorization-check
#CAT_CHECK_TABLE
#update
#update-note

More to explorer

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

October 22, 2024

Recently, SAP released a security update for SAP NetWeaver AS for ABAP and ABAP Platform, addressing multiple vulnerabilities related to cross-site scripting

[PoC] SAP Note 3433192 – Code Injection vulnerability in SAP NetWeaver AS Java

October 17, 2024

Overview Recently, SAP released Security Note 3433192, which addresses a critical code injection vulnerability (CVE-2024-22127) within the SAP NetWeaver AS Java Administrator

CVE-2024-37180 – Information Disclosure Vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform

October 8, 2024

Release Date: October 8, 2024SAP Security Note: 3454858Component: SAP NetWeaver Application Server for ABAP and ABAP PlatformPriority: MediumCategory: Information DisclosureCVE Identifier: CVE-2024-37180

CVE-2024-47594 – Cross-Site Scripting (XSS) Vulnerability in SAP NetWeaver Enterprise Portal (KMC)