Saved data may be read in the HR Management system, SAP security note 1511561

Description

An attacker can prompt the SAP Human Resource Management System to reveal additional data by making selective entries during the call of RFC-enabled function modules.

Available fix and Supported packages

SAP_HRGXX | 470 | 470
SAP_HRGXX | 500 | 500
SAP_HRGXX | 600 | 600
SAP_HRGXX | 604 | 604
SAP_HRGXX 604 | SAPK-60427INSAPHRGXX |
SAP_HRGXX 600 | SAPK-60062INSAPHRGXX |
SAP_HRGXX 500 | SAPK-50079INSAPHRGXX |
SAP_HRGXX 470 | SAPK-470B3INSAPHRGXX |
SAP_HRGXX 470 | SAPK-470B4INSAPHRGXX |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1511561

Arpine Maghakyan

Saved data may be read in the HR Management system, SAP security note 1511561

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#SQL-injectionDatabaseSAP-Human-Resource-Management-System

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535