
Update 2 to security note 1651004, SAP security note 1839511

Description

Security note 1651004 has been rereleased due to missing validity entries. Newly-added releases that are affected are listed below:
SAP J2EE ENGINE 640 SP26, SP27, SP28, SP29
PORTAL PLATFORM 6.0_640 SP26, SP27, SP28, SP29

SAP J2EE ENGINE 700 SP23, SP24, SP25, SP26
SAP J2EE ENGINE CORE 700 SP23, SP24, SP25, SP26
SAP JAVA TECH SERVICES 700 SP23, SP24, SP25, SP26
PORTAL FRAMEWORK 700 SP23, SP24, SP25, SP26

SAP J2EE ENGINE 701 SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 701 SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 701 SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 701 SP07, SP08, SP09, SP10

SAP J2EE ENGINE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 702 SP05, SP06, SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 702 SP05, SP06, SP07, SP08, SP09, SP10

Available fix and Supported packages

  • EP-PSERV | 6.0_640 | 6.0_640
  • SAP-JEE | 6.40 | 6.40
  • SAP-JEE | 7.00 | 7.00
  • SAP_JTECHS | 7.00 | 7.01
  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 7.01 | 7.01

Affected component

    BC-JAS-SEC
    Security, User Management

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1839511

TAGS

#cross-frame-scripting
#XFS
#logon-application
#update
#update-note
