Description
Problems with authorization and authentication checks in conjunction with different HTTP methods used might exist in CMS (Change Management Service) of NWDI (NetWeaver Development Infrastructure).
Available fix and Supported packages
- DI_CMS | 7.00 | 7.02
- DI_CMS | 7.10 | 7.11
- DI_CMS | 7.20 | 7.20
- DI_CMS | 7.30 | 7.30
- DI_CMS | 7.31 | 7.31
- SAP_DEVINF | 6.40 | 6.40
- DI CHANGE MGMT. SERVER 7.01 | SP007 | 000002
- DI CHANGE MGMT. SERVER 7.01 | SP008 | 000001
- DI CHANGE MGMT. SERVER 7.01 | SP009 | 000001
- DI CHANGE MGMT. SERVER 7.01 | SP010 | 000001
- DI CHANGE MGMT. SERVER 7.01 | SP011 | 000000
- DI CHANGE MGMT. SERVER 7.02 | SP004 | 000002
- DI CHANGE MGMT. SERVER 7.02 | SP005 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP006 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP007 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP008 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP009 | 000001
- DI CHANGE MGMT. SERVER 7.02 | SP010 | 000000
- DI CHANGE MGMT. SERVER 7.00 | SP022 | 000003
- DI CHANGE MGMT. SERVER 7.00 | SP023 | 000001
- DI CHANGE MGMT. SERVER 7.00 | SP024 | 000002
- DI CHANGE MGMT. SERVER 7.00 | SP025 | 000001
- DI CHANGE MGMT. SERVER 7.00 | SP026 | 000000
- DI CHANGE MGMT. SERVER 7.10 | SP014 | 000000
- DI CHANGE MGMT. SERVER 7.11 | SP005 | 000002
- DI CHANGE MGMT. SERVER 7.11 | SP006 | 000001
Affected component
- BC-CTS-CMS
Change Management Service
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1617369
