Skip links

Unauthorized modification of stored content in RWB, SAP security note 1618864

Description

The Message Content display in Runtime Workbench could be abused by a malicious user, who could modify application content, persist the modified content without authorization, and potentially obtain authentication information from other legitimate users.

Available fix and Supported packages

  • MESSAGING | 7.10 | 7.11
  • MESSAGING | 7.30 | 7.30
  • MESSAGING | 7.31 | 7.31
  • MESSAGING SYSTEM SERVICE 7.10 | SP011 | 000029
  • MESSAGING SYSTEM SERVICE 7.10 | SP012 | 000026
  • MESSAGING SYSTEM SERVICE 7.10 | SP013 | 000020
  • MESSAGING SYSTEM SERVICE 7.10 | SP014 | 000000
  • MESSAGING SYSTEM SERVICE 7.11 | SP005 | 000024
  • MESSAGING SYSTEM SERVICE 7.11 | SP006 | 000021
  • MESSAGING SYSTEM SERVICE 7.11 | SP007 | 000005
  • MESSAGING SYSTEM SERVICE 7.11 | SP008 | 000001
  • MESSAGING SYSTEM SERVICE 7.11 | SP009 | 000000
  • MESSAGING SYSTEM SERVICE 7.30 | SP001 | 000011
  • MESSAGING SYSTEM SERVICE 7.30 | SP002 | 000010
  • MESSAGING SYSTEM SERVICE 7.30 | SP003 | 000003
  • MESSAGING SYSTEM SERVICE 7.30 | SP004 | 000001
  • MESSAGING SYSTEM SERVICE 7.30 | SP005 | 000000
  • MESSAGING SYSTEM SERVICE 7.31 | SP001 | 000000
  • MESSAGING SYSTEM SERVICE 7.31 | SP002 | 000000

Affected component

    BC-XI-IS-WKB
    Runtime Workbench / Monitoring

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1618864

TAGS

#RWB
#Stored-Cross-Site-Scripting
#XSS