Skip links

Update #1 to Security Note 1501646, SAP security note 1575499

Description

Long text and SP Patch level of note 1501646 were updated according to availability of XSRF protection in CRM 7.01.

The SP Patch Levels were increased for CRM 7.01 from SP3 Patch level 0 to SP3 Patch Level 3 for the following software components: CRM JAVA APPLICATIONS, CRM JAVA COMPONENTS, CRM JAVA WEB COMPONENTS, SAP SHARED JAVA APPLIC, SAP SHARED JAVA COMP and SAP SHARED WEB COMPONENTS.

Please note that XSRF protection is not available in CRM 7.01 SP1 and CRM 7.01 SP2, therefore, it is  recommended that you upgrade to at least SP3 if your CRM release is 7.01.

Available fix and Supported packages

  • SAP-CRMJAV | 701 | 701
  • SAP-CRMWEB | 701 | 701
  • SAP-SHRWEB | 701 | 701
  • SAP-SHRJAV | 701 | 701
  • SAP-CRMAPP | 701 | 701
  • SAP-SHRAPP | 701 | 701
  • CRM JAVA APPLICATIONS 7.01 | SP003 | 000003
  • CRM JAVA COMPONENTS 7.01 | SP003 | 000003
  • CRM JAVA WEB COMPONENTS 7.01 | SP003 | 000003
  • SAP SHARED JAVA APPLIC. 7.01 | SP003 | 000003
  • SAP SHARED JAVA COMP. 7.01 | SP003 | 000003
  • SAP SHARED WEB COMPONENTS 7.01 | SP003 | 000003

Affected component

    CRM-ISA
    Internet Sales

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1575499

TAGS

#Cross-site-request-forgery
#XSRF
#CSRF
#SAP-Internet-Sales
#ISA
#ISE
#ECO
#Web-Channel
#CRM
#E-Commerce
#ECommerce
#Update
#Update-Note