Skip links

Assertion ticket is not evaluated correctly, SAP security note 1676065

Description

The Web AS Java accepts assertion tickets issued for other systems

Available fix and Supported packages

  • ENGINEAPI | 7.10 | 7.11
  • SAP-JEE | 6.40 | 6.40
  • SAP-JEE | 7.00 | 7.02
  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 6.40 | 6.40
  • SAP-JEECOR | 7.01 | 7.02
  • SERVERCORE | 7.10 | 7.10
  • SERVERCORE | 7.11 | 7.11
  • ENGINEAPI 7.10 | SP013 | 000003
  • ENGINEAPI 7.10 | SP014 | 000001
  • ENGINEAPI 7.10 | SP015 | 000000
  • ENGINEAPI 7.11 | SP008 | 000005
  • ENGINEAPI 7.11 | SP009 | 000002
  • ENGINEAPI 7.11 | SP010 | 000000
  • J2EE ENGINE SERVERCORE 7.10 | SP013 | 000005
  • J2EE ENGINE SERVERCORE 7.10 | SP014 | 000002
  • J2EE ENGINE SERVERCORE 7.10 | SP015 | 000000
  • J2EE ENGINE SERVERCORE 7.11 | SP008 | 000008
  • J2EE ENGINE SERVERCORE 7.11 | SP009 | 000002
  • J2EE ENGINE SERVERCORE 7.11 | SP010 | 000000
  • SAP J2EE ENGINE 6.40 | SP029 | 000003
  • SAP J2EE ENGINE 6.40 | SP030 | 000000
  • SAP J2EE ENGINE 7.00 | SP027 | 000000
  • SAP J2EE ENGINE 7.01 | SP011 | 000001
  • SAP J2EE ENGINE 7.01 | SP012 | 000000
  • SAP J2EE ENGINE 7.02 | SP010 | 000003
  • SAP J2EE ENGINE 7.02 | SP012 | 000000
  • SAP J2EE ENGINE CORE 6.40 | SP030 | 000000

Affected component

    BC-JAS-SEC-LGN
    Logon, SSO

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1676065

TAGS

#recipient-SID
#recipient-client
#EvaluateAssertionTicketLoginModule