Skip links

SAP Internet Communication Framework fails to validate HTTP_WHITELIST, SAP security note 2189853

Description

UPDATE 14th July 2020 : This note has been re-released with the updated ‘Correction instruction’ information.

UPDATE 23rd July 2019: This note has been re-released with updated ‘Correction instruction’ information for the release 710. Also CVSS details were added.

SAP Internet Communication Framework fails for public services to validate access control list (ACL) information of table HTTP_WHITELIST and to logout user correctly.

Available fix and Supported packages

  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 711
  • SAP_BASIS | 730 | 730
  • SAP_BASIS | 731 | 731
  • SAP_BASIS | 740 | 740
  • SAP_BASIS 710 | SAPKB71020 |
  • SAP_BASIS 711 | SAPKB71115 |
  • SAP_BASIS 700 | SAPKB70033 |
  • SAP_BASIS 701 | SAPKB70118 |
  • SAP_BASIS 702 | SAPKB70218 |
  • SAP_BASIS 730 | SAPKB73014 |
  • SAP_BASIS 731 | SAPKB73117 |
  • SAP_BASIS 740 | SAPKB74013 |

Affected component

    BC-MID-ICF
    Internet Communication Framework

CVSS

Score: 5.0
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2189853

TAGS

#SAP-Internet-Communication-Framework
#ICF
#ACL
#White-List
#table-HTTP_WHITELIST
IF_HTTP_SERVER&126-LOGOFF
Public-ICF-Service