Skip links

Missing authorization check in CRM Middleware extractor, SAP security note 1499392

Description

An authenticated user can use functionality of the CRM Middleware to which access should be re-stricted. This can potentially result in an Escalation of Privileges.

Available fix and Supported packages

  • PI_BASIS | 2004_1_620 | 2004_1_640
  • PI_BASIS | 2005_1_620 | 2005_1_700
  • PI_BASIS | 2006_1_620 | 2006_1_710
  • PI_BASIS | 701 | 702
  • PI_BASIS | 711 | 730
  • PI | 2004_1_46C | 2004_1_46C
  • PI_BASIS 2005_1_640 | SAPKIPYJ6L |
  • PI_BASIS 2006_1_640 | SAPKIPYL11 |
  • PI_BASIS 2005_1_700 | SAPKIPYJ7N |
  • PI_BASIS 2006_1_700 | SAPKIPYM13 |
  • PI_BASIS 701 | SAPK-70108INPIBASIS |
  • PI_BASIS 2005_1_620 | SAPKIPYJ5M |
  • PI_BASIS 2006_1_620 | SAPKIPYK12 |
  • PI_BASIS 2006_1_710 | SAPKIPYN12 |
  • PI_BASIS 711 | SAPK-71107INPIBASIS |
  • PI_BASIS 2006_1_700 | SAPKIPYM14 |
  • PI 2004_1_46C | SAPKIPZI4J |

Affected component

    CRM-MW-ADP
    Middleware Adapter

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1499392

TAGS

#CRMRFCPAR
#CRMATAB
#CRMDIMA
#initial-load
#compare