Missing authorization check for SPP alert deletion, SAP security note 1491435

Description

A malicious user can exploit the deletion of such alerts which belong to the SPP application and use specially crafted inputs to execute arbitrary database commands to retrieve, or remove data persisted by the system.

Available fix and Supported packages

SCM | 500 | 500
SCM | 510 | 510
SCM | 700 | 700
SCM | 701 | 701
SCM_BASIS | 500 | 500
SCM_BASIS | 510 | 510
SCM_BASIS | 700 | 700
SCM_BASIS | 701 | 701
SCM 701 | SAPKY70102 |
SCM 500 | SAPKY50019 |
SCM 510 | SAPKY51015 |
SCM 700 | SAPKY70009 |
SCM_BASIS 701 | SAPK-70102INSCMBASIS |
SCM_BASIS 500 | SAPK-50019INSCMBASIS |
SCM_BASIS 510 | SAPK-51018INSCMBASIS |
SCM_BASIS 700 | SAPK-70009INSCMBASIS |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1491435

Arpine Maghakyan

Missing authorization check for SPP alert deletion, SAP security note 1491435

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SQL-injection
#database
#SPP-Alert-Monitor
#deletion

More to explorer

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

SAP Security Patch Day – May 2023

RedRays Offers Support to Startups Listing on SAP Store

Arpine Maghakyan

Missing authorization check for SPP alert deletion, SAP security note 1491435

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SQL-injection#database#SPP-Alert-Monitor#deletion

More to explorer

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

SAP Security Patch Day – May 2023

RedRays Offers Support to Startups Listing on SAP Store

#SQL-injection
#database
#SPP-Alert-Monitor
#deletion