Description
Until SP19, MDM supported SSLv3, which was vulnerable to various security issues like POODLE attack.
Available fix and Supported packages
- MDM_JAVA_API | 710 | 710
- MDM_CLIX | 710 | 710
- MDM_IMP_SRV | 710 | 710
- MDM_SYND_SRV | 710 | 710
- MDM_IMPORT_MANAGER | 710 | 710
- MDM_SYNDICATOR | 710 | 710
- MDM_CONSOLE | 710 | 710
- MDM_DATA_MANAGER | 710 | 710
- MDM_DOTNET_API | 710 | 710
- MDM_SHARED_INSTALL_CONTENT | 710 | 710
- MDM_SERVER | 7.1 | 7.1
- MDM CLIX 7.1 | SP019 | 000000
- MDM CONSOLE 7.1 | SP019 | 000000
- MDM DATA MANAGER 7.1 | SP019 | 000000
- MDM DOTNET API 7.1 | SP019 | 000000
- MDM IMPORT MANAGER 7.1 | SP019 | 000000
- MDM IMPORT SERVER 7.1 | SP019 | 000000
- MDM JAVA API 7.1 | SP019 | 000000
- MDM SERVER 7.1 | SP019 | 000000
- MDM SYNDICATION SERVER 7.1 | SP019 | 000000
- MDM SYNDICATOR 7.1 | SP019 | 000000
Affected component
- MDM-FN-MDS-SEC
Security
CVSS
Score: 6.4
CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2504979