Description
Credit card information which is relevant for safety may be written to the J2EE engine log file isa.log (in the WEB-INF/log directory).
This data can be misused by persons who are authorized or not authorized to access the log files and it is a possible safety hazard. This affects both ISA for CRM and ISA for R/3.
Available fix and Supported packages
- BBPCRM | 300 | 300
- BBPCRM | 310 | 310
- BBPCRM | 400 | 400
Affected component
- CRM-ISA-BAS
Shopping Basket and Order Entry
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/627649
