Description
An authenticated user can use functionality of condition cross-client customizing download from ERP to CRM to which access should be restricted. A table name is used as an input without further checking in the program.
Available fix and Supported packages
- BBPCRM | 400 | 400
- BBPCRM | 500 | 500
- BBPCRM | 520 | 520
- BBPCRM | 600 | 600
- BBPCRM | 700 | 700
- BBPCRM | 701 | 701
- BBPCRM 400 | SAPKU40018 |
- BBPCRM 701 | SAPKU70102 |
- BBPCRM 500 | SAPKU50018 |
- BBPCRM 520 | SAPKU52011 |
- BBPCRM 600 | SAPKU60009 |
- BBPCRM 700 | SAPKU70009 |
Affected component
- CRM-MD-CON-IF
Exchange of Condition Records and Customizing Data
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/1488453
