Potential disclosure of persisted data in RRI, SAP security note 1551253

Description

A malicious user can exploit Regulatory Reporting Interface and use specially crafted inputs to modify data-base commands, resulting in the retrieval of additional information persisted by the system.

Available fix and Supported packages

FSAPPL | 200 | 200
FSAPPL | 300 | 300
BANK-ALYZE | 42 | 42
BANK-ALYZE | 50 | 50
FSAPPL 200 | SAPKISC314 |
FSAPPL 300 | SAPK-30007INFSAPPL |
BANK-ALYZE 42 | SAPKIBAM15 |
BANK-ALYZE 50 | SAPKIBAL23 |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1551253

Arpine Maghakyan

Potential disclosure of persisted data in RRI, SAP security note 1551253

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SQL-injection—database—Regulatory-Reporting-Interface

More to explorer

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

SAP Security Patch Day – May 2023

RedRays Offers Support to Startups Listing on SAP Store