Skip links

Potential disclosure of persisted data, SAP security note 1502607

Description

A malicious user can exploit CRM Middleware and use specially crafted inputs to retrieve additional information persisted by the system.

Available fix and Supported packages

  • PI_BASIS | 2004_1_620 | 2004_1_640
  • PI_BASIS | 2005_1_620 | 2005_1_700
  • PI_BASIS | 2006_1_620 | 2006_1_710
  • PI_BASIS | 701 | 702
  • PI_BASIS | 711 | 730
  • PI | 2004_1_46C | 2004_1_46C
  • PI_BASIS 701 | SAPK-70108INPIBASIS |
  • PI_BASIS 2005_1_620 | SAPKIPYJ5M |
  • PI_BASIS 2006_1_620 | SAPKIPYK12 |
  • PI_BASIS 730 | SAPK-73002INPIBASIS |
  • PI_BASIS 2006_1_710 | SAPKIPYN12 |
  • PI_BASIS 702 | SAPK-70207INPIBASIS |
  • PI_BASIS 711 | SAPK-71107INPIBASIS |
  • PI_BASIS 2005_1_640 | SAPKIPYJ6M |
  • PI_BASIS 2006_1_640 | SAPKIPYL12 |
  • PI_BASIS 2005_1_700 | SAPKIPYJ7O |
  • PI_BASIS 2006_1_700 | SAPKIPYM14 |
  • PI 2004_1_46C | SAPKIPZI4J |

Affected component

    CRM-MW-ADP
    Middleware Adapter

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1502607

TAGS

#SQL-injection
#database
#CRM-Middleware-Adapter
#R3AS
#R3AS4