Skip links

Unauthorized execution of application function in WDA, SAP security note 1639131

Description

An attacker can execute functions in Web Dynpro ABAP without authentication and authorization.

Available fix and Supported packages

  • SAP_BASIS | 700 | 700
  • SAP_BASIS | 710 | 710
  • SAP_BASIS 700 | SAPKB70026 |
  • SAP_BASIS 710 | SAPKB71014 |

Affected component

    BC-WD-ABA
    Web Dynpro ABAP

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1639131

TAGS

#Cross-site-request-forgery
#XSRF
#Web-Dynpro-ABAP