Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Credit card data is stored in the log file, SAP security note 627649

Description

Credit card information which is relevant for safety may be written to the J2EE engine log file isa.log (in the WEB-INF/log directory).
This data can be misused by persons who are authorized or not authorized to access the log files and it is a possible safety hazard. This affects both ISA for CRM and ISA for R/3.

Available fix and Supported packages

  • BBPCRM | 300 | 300
  • BBPCRM | 310 | 310
  • BBPCRM | 400 | 400

Affected component

    CRM-ISA-BAS
    Shopping Basket and Order Entry

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/627649

TAGS

#Credit-cards
#payment
#CRM-Backend
#B2B
#B2C
#log-level
#ISA30
#ISA3.0
#ISA31
#ISA3.1
#ISA4
#ISA40

More to explorer