Skip links

Missing authorization checks in function modules related to CRM knowledgebases for configurable products, SAP security note 2271018

Description

This SAP note describes new authorization checks in the following RFC function modules for CRM Configuration Knowledgebases:

COM_PME_GET_NEW_IDS

COM_PME_DB_INSERT_STABLE

COM_PME_DB_INSERT_KB_START

COM_PME_DB_INSERT_KB_END

COM_PME_DB_INSERT_CFGKB

COM_PME_DB_INSERT_VTABLE

COM_PME_DB_TRANS_START

COM_PME_DB_TRANS_ROLLBACK

COM_PME_DB_TRANS_COMMIT

CRM_SCE_DB_TRANS_INIT_RFC

Available fix and Supported packages

  • BBPCRM | 700 | 700
  • BBPCRM | 701 | 701
  • BBPCRM | 702 | 702
  • BBPCRM | 712 | 712
  • BBPCRM | 713 | 713
  • BBPCRM | 714 | 714
  • BBPCRM 700 | SAPKU70018 |
  • BBPCRM 701 | SAPKU70115 |
  • BBPCRM 712 | SAPKU71210 |
  • BBPCRM 702 | SAPKU70217 |
  • BBPCRM 714 | SAPK-71402INBBPCRM |
  • BBPCRM 713 | SAPKU71312 |

Affected component

    CRM-BF-CFG
    Product Configuration

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2271018

TAGS

#Authorization
#authorization-check
#PME
#configuration-knowledgebase