Description
A malicious user can trigger functionality in the following BSP
applications without authentication and authorization: CRM_DAM_APPLOG, CRM_DAM_AQ, CRM_DAM_AT_ADM, CRM_DAM_CONFIRM, CRM_DAM_FR_AQ, CRM_DAM_IR_AQ, CRM_DAM_LINK_BO, CRM_DAM_LI_ADM, CRM_DAM_LI_AQ, CRM_DAM_MT_ADM, CRM_DAM_PRD_AQ, CRM_DAM_SNGL_UL, CRM_DAM_TAX_ADM, CRM_DAM_VAL_HLP
Available fix and Supported packages
- BBPCRM | 500 | 500
- BBPCRM | 520 | 520
- BBPCRM | 600 | 600
- BBPCRM | 700 | 700
- BBPCRM | 701 | 701
- BBPCRM 500 | SAPKU50018 |
- BBPCRM 520 | SAPKU52011 |
- BBPCRM 600 | SAPKU60009 |
- BBPCRM 700 | SAPKU70009 |
- BBPCRM 701 | SAPKU70103 |
- BBPCRM 701 | SAPKU70104 |
Affected component
- CRM-MKT-DAM
Digital Asset Management
CVSS
Score: 0
Exploit
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1516348
