Missing authorization checks in function modules related to CRM knowledgebases for configurable products, SAP security note 2271018
Description
This SAP note describes new authorization checks in the following RFC function modules for CRM Configuration Knowledgebases:
COM_PME_GET_NEW_IDS
COM_PME_DB_INSERT_STABLE
COM_PME_DB_INSERT_KB_START
COM_PME_DB_INSERT_KB_END
COM_PME_DB_INSERT_CFGKB
COM_PME_DB_INSERT_VTABLE
COM_PME_DB_TRANS_START
COM_PME_DB_TRANS_ROLLBACK
COM_PME_DB_TRANS_COMMIT
CRM_SCE_DB_TRANS_INIT_RFC
Available fix and Supported packages
- BBPCRM | 700 | 700
- BBPCRM | 701 | 701
- BBPCRM | 702 | 702
- BBPCRM | 712 | 712
- BBPCRM | 713 | 713
- BBPCRM | 714 | 714
- BBPCRM 700 | SAPKU70018 |
- BBPCRM 701 | SAPKU70115 |
- BBPCRM 712 | SAPKU71210 |
- BBPCRM 702 | SAPKU70217 |
- BBPCRM 714 | SAPK-71402INBBPCRM |
- BBPCRM 713 | SAPKU71312 |
Affected component
- CRM-BF-CFG
Product Configuration
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/2271018