Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Potential information disclosure relating to processes, SAP security note 1507266

Description

When working with Xcelsius dashboards that display BW data in the BEx runtime it can happen that exceptions are raised. These exceptions were rendered as an HTML error page including stack trace information and presented to the user. This information could have been used by malicious users to start specialised attacks.

Available fix and Supported packages

  • BI-BASE-E | 7.30 | 7.30
  • BI-BASE-B | 7.30 | 7.30
  • BI-BASE-S | 7.30 | 7.30
  • BIWEBAPP | 7.30 | 7.30
  • BI BASE EXPORT SERVICES 7.30 | SP005 | 000000
  • BI BASE FOUNDATION 7.30 | SP005 | 000000
  • BI BASE SERVICES 7.30 | SP005 | 000000
  • BI WEB APPLICATIONS 7.30 | SP005 | 000000

Affected component

    BW-BEX-ET
    Enduser Technology

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1507266

TAGS

#Information-disclosure
#BEx-Web
#Xcelsius-dashboard

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,