FIBF No entry check in the OkCode field, SAP security note 879342

Description

When calling Transaction FIBF (Menu Business Transaction Events), you can enter any transaction name in the okcode field and the system executes the transaction without a transaction authorization check.

Available fix and Supported packages

SAP_ABA | 46B | 46B
SAP_ABA | 46C | 46C
SAP_ABA | 620 | 620
SAP_ABA | 640 | 640
SAP_ABA | 700 | 700
SAP_ABA | 710 | 710
SAP_ABA 700 | SAPKA70005 |
SAP_ABA 640 | SAPKA64015 |
SAP_ABA 620 | SAPKA62056 |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/879342

Arpine Maghakyan

FIBF No entry check in the OkCode field, SAP security note 879342

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#FIBF
#call-transaction

More to explorer

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

Arpine Maghakyan

FIBF No entry check in the OkCode field, SAP security note 879342

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#FIBF#call-transaction

More to explorer

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

#FIBF
#call-transaction