Description
This is an update to SAP Security Note 1686632. The original version of that note was unclear for releases 620 and 640, and for releases from 700 onwards in conjunction with the available kernel versions 720 and 721.
When you use a synchronous RFC in ABAP, the remote (called) function module can use the RFC destination “BACK” to execute remote-enabled modules in the context of the RFC caller. This is possible if the RFC caller has the necessary RFC authorizations and the callback has not been prohibited by a previous call of the function module RFC_CALLBACK_REJECTED (see SAP Note 1515925).
Available fix and supported packages
- KRNL32NUC | 6.40 | 6.40EX2
- KRNL32NUC | 7.20 | 7.20
- KRNL32NUC | 7.20EXT | 7.20EXT
- KRNL32NUC | 7.21 | 7.21
- KRNL32NUC | 7.21EXT | 7.21EXT
- KRNL32UC | 6.40 | 6.40EX2
- KRNL32UC | 7.20 | 7.20
- KRNL32UC | 7.20EXT | 7.20EXT
- KRNL32UC | 7.21 | 7.21
- KRNL32UC | 7.21EXT | 7.21EXT
- KRNL64NUC | 6.40 | 6.40EX2
- KRNL64NUC | 7.20 | 7.20
- KRNL64NUC | 7.20EXT | 7.20EXT
- KRNL64NUC | 7.21 | 7.21
- KRNL64NUC | 7.21EXT | 7.21EXT
- KRNL64NUC | 7.38 | 7.38
- KRNL64NUC | 7.40 | 7.40
- KRNL64NUC | 7.41 | 7.41
- KRNL64NUC | 7.42 | 7.42
- KRNL64UC | 6.40 | 6.40EX2
Affected component
- BC-MID-RFC
RFC
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2102941