Skip links

Unauthorized executing of functions in Web Dynpro ABAP, SAP security note 1430970

Description

An attacker can execute functions of Web Dynpro ABAP applications without the relevant authentication and authorization.

Available fix and Supported packages

  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 720
  • SAP_BASIS 710 | SAPKB71010 |
  • SAP_BASIS 700 | SAPKB70022 |

Affected component

    BC-WD-ABA-RUN
    Web Dynpro ABAP Runtime

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1430970

TAGS

#Cross-site-request-forgery
#XSRF
#Web-Dynpro-ABAP