Skip links

Unauthorized use of application functions in CRM planning, SAP security note 1554676

Description

A malicious user can execute functions in CRM planning without authentication and authorization.

Available fix and Supported packages

  • SAP_BW | 701 | 702
  • SAP_BW | 711 | 730
  • SAP_BW_VIRTUAL_COMP | 701 | 701
  • SAP_BW_VIRTUAL_COMP | 711 | 711
  • SAP_BW 700 | SAPKW70026 |
  • SAP_BW 701 | SAPKW70109 |
  • SAP_BW 730 | SAPKW73003 |
  • SAP_BW 702 | SAPKW70208 |
  • SAP_BW 700 | SAPKW70027 |
  • SAP_BW 701 | SAPKW70110 |
  • SAP_BW 711 | SAPKW71109 |
  • SAP_BW_VIRTUAL_COMP 701 | SAPK-70123INVCBWTECH |
  • SAP_BW_VIRTUAL_COMP 701 | SAPK-70125INVCBWTECH |

Affected component

    BW-PLA-BPS
    Business Planning and Simulation

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1554676

TAGS

#Cross-site-request-forgery
#XSRF
#BW-PLA-BPS
#CRM-MKT-MPL