Skip links
🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Verb Tampering issues in LMCFG, SAP security note 1622551

Description

Problems with authorization and authentication checks in conjunction with the use of unusual HTTP methods exist in CTC

Available fix and Supported packages

  • LMCFG | 7.10 | 7.11
  • LMCFG | 7.20 | 7.20
  • LMCFG | 7.30 | 7.30
  • LMCFG | 7.31 | 7.31
  • LMCFG-BYD | 7.20 | 7.20
  • LM CONFIGURATION 7.10 | SP010 | 000002
  • LM CONFIGURATION 7.10 | SP011 | 000002
  • LM CONFIGURATION 7.10 | SP012 | 000001
  • LM CONFIGURATION 7.10 | SP013 | 000000
  • LM CONFIGURATION 7.10 | SP014 | 000000
  • LM CONFIGURATION 7.11 | SP004 | 000007
  • LM CONFIGURATION 7.11 | SP005 | 000004
  • LM CONFIGURATION 7.11 | SP006 | 000004
  • LM CONFIGURATION 7.11 | SP007 | 000002
  • LM CONFIGURATION 7.11 | SP008 | 000000
  • LM CONFIGURATION 7.11 | SP009 | 000000
  • LM CONFIGURATION 7.20 | SP002 | 000001
  • LM CONFIGURATION 7.20 | SP003 | 000001
  • LM CONFIGURATION 7.20 | SP004 | 000003
  • LM CONFIGURATION 7.20 | SP005 | 000001
  • LM CONFIGURATION 7.20 | SP007 | 000000
  • LM CONFIGURATION 7.30 | SP001 | 000006
  • LM CONFIGURATION 7.30 | SP002 | 000007
  • LM CONFIGURATION 7.30 | SP003 | 000003
  • LM CONFIGURATION 7.30 | SP004 | 000000
  • LM CONFIGURATION 7.31 | SP002 | 000000

Affected component

    BC-INS-CTC-CNT
    LM Automation Content

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1622551

TAGS

#Verb-Tampering
#HTTP-method
#&x00A0-&x00A0-CTC

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer