Skip links

SQL Information Disclosure in RWB, SAP security note 1559700

Description

The Test Message tool in Runtime Workbench shows an SQL Exception when invalid input is used when saving a test message. A malicious user can use this to discover information relating to database data being used by PI. This information could be used to allow malicious users to specialize their attacks.

Available fix and Supported packages

  • SAP_XITOOL | 7.10 | 7.11
  • SAP_XITOOL | 7.30 | 7.30
  • SAP_XITOOL | 7.31 | 7.31
  • XI TOOLS 7.10 | SP008 | 000026
  • XI TOOLS 7.10 | SP009 | 000022
  • XI TOOLS 7.10 | SP010 | 000015
  • XI TOOLS 7.10 | SP011 | 000012
  • XI TOOLS 7.10 | SP013 | 000000
  • XI TOOLS 7.11 | SP003 | 000026
  • XI TOOLS 7.11 | SP004 | 000020
  • XI TOOLS 7.11 | SP005 | 000008
  • XI TOOLS 7.11 | SP006 | 000004
  • XI TOOLS 7.11 | SP007 | 000000
  • XI TOOLS 7.30 | SP001 | 000002
  • XI TOOLS 7.30 | SP002 | 000001
  • XI TOOLS 7.30 | SP003 | 000000

Affected component

    BC-XI-IS-WKB
    Runtime Workbench / Monitoring

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1559700

TAGS

#RWB
#Component-Monitoring
#Information-disclosure