Description
This security note has been updated. For more detailed information, see
Security Note 1716165 and Security Note 1839511.
The SAP logon application can be abused by an attacker, allowing them to gain access to data entered in the different pages of the logon application by a legitimate user.
Available fix and Supported packages
- EPBC2 | 7.00 | 7.02
- EP-PSERV | 6.0_640 | 6.0_640
- SAP-JEE | 6.40 | 6.40
- SAP-JEE | 7.00 | 7.02
- SAP_JTECHS | 6.40 | 6.40
- SAP_JTECHS | 7.00 | 7.02
- SAP-JEECOR | 7.00 | 7.00
- SAP-JEECOR | 6.40 | 6.40
- SAP-JEECOR | 7.01 | 7.02
- SERVERCORE | 7.10 | 7.10
- SERVERCORE | 7.11 | 7.11
- SERVERCORE | 7.20 | 7.20
- SERVERCORE | 7.30 | 7.30
- SERVERCORE | 7.31 | 7.31
- J2EE-APPS | 7.10 | 7.11
- J2EE-APPS | 7.20 | 7.20
- J2EE-APPS | 7.30 | 7.30
- J2EE-APPS | 7.31 | 7.31
- J2EE ENGINE APPLICATIONS 7.10 | SP011 | 000005
- J2EE ENGINE APPLICATIONS 7.10 | SP012 | 000004
- J2EE ENGINE APPLICATIONS 7.10 | SP013 | 000001
- J2EE ENGINE APPLICATIONS 7.10 | SP014 | 000001
- J2EE ENGINE APPLICATIONS 7.10 | SP015 | 000000
- J2EE ENGINE APPLICATIONS 7.11 | SP005 | 000018
- J2EE ENGINE APPLICATIONS 7.11 | SP006 | 000010
- J2EE ENGINE APPLICATIONS 7.11 | SP007 | 000007
- J2EE ENGINE APPLICATIONS 7.11 | SP008 | 000003
- J2EE ENGINE APPLICATIONS 7.11 | SP009 | 000000
- J2EE ENGINE APPLICATIONS 7.20 | SP003 | 000015
- J2EE ENGINE APPLICATIONS 7.20 | SP004 | 000012
- J2EE ENGINE APPLICATIONS 7.20 | SP005 | 000005
- J2EE ENGINE APPLICATIONS 7.20 | SP006 | 000002
- J2EE ENGINE APPLICATIONS 7.20 | SP007 | 000000
- J2EE ENGINE APPLICATIONS 7.30 | SP001 | 000007
- J2EE ENGINE APPLICATIONS 7.30 | SP002 | 000007
- J2EE ENGINE APPLICATIONS 7.30 | SP003 | 000003
- J2EE ENGINE APPLICATIONS 7.30 | SP004 | 000002
- J2EE ENGINE APPLICATIONS 7.30 | SP005 | 000002
Affected component
- BC-JAS-SEC
Security, User Management
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/1651004
