Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Potential disclosure and modification of persisted data AFS, SAP security note 1486048

Description

A malicious user can exploit IS-AFS and use specially crafted inputs to execute arbitrary database commands to retrieve, modify, or remove data persisted by the system.

Available fix and Supported packages

  • P3A | V500 | V500
  • P3A | V600 | V600
  • P3A | V603 | V603
  • P3A | V604 | V604
  • P3A V604 | SAPK-60404INP3A |
  • P3A V500 | SAPKIAF513 |
  • P3A V603 | SAPK-60306INP3A |

Affected component

    IS-AFS-ARUN
    Allocation Run

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1486048

TAGS

#SQL-injection
#database
#IS-AFS

More to explorer