Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Security Note – ABAP Security Sessions and SAML 2.0, SAP security note 1471069

Description

A security issue was found when running AI iView with system that points to back-end system that ABAP Security Sessions is enabled (please see SAP Note #1322944).
The security issue may allow an attacker to get control over the client´s PC.
There is no workaround for this issue but installing the fix, as well there are no mitigations.

Available fix and Supported packages

  • EP-PSERV | 7.00 | 7.02
  • EP-RUNTIME | 7.10 | 7.11
  • EP-RUNTIME | 7.20 | 7.20
  • EP-RUNTIME | 7.30 | 7.30
  • EP RUNTIME 7.10 | SP011 | 000000
  • EP RUNTIME 7.11 | SP006 | 000000
  • EP RUNTIME 7.20 | SP004 | 000000
  • PORTAL 7.00 | SP018 | 000009
  • PORTAL 7.00 | SP019 | 000007
  • PORTAL 7.00 | SP020 | 000007
  • PORTAL 7.00 | SP021 | 000004
  • PORTAL 7.00 | SP022 | 000002
  • PORTAL 7.00 | SP023 | 000000
  • PORTAL 7.01 | SP003 | 000009
  • PORTAL 7.01 | SP004 | 000008
  • PORTAL 7.01 | SP005 | 000008
  • PORTAL 7.01 | SP006 | 000012
  • PORTAL 7.01 | SP007 | 000002
  • PORTAL 7.01 | SP008 | 000000
  • PORTAL 7.02 | SP003 | 000005
  • PORTAL 7.02 | SP004 | 000005
  • PORTAL 7.02 | SP005 | 000000

Affected component

    EP-PIN-AI-SRA
    Session Release Agent

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1471069

TAGS

#ABAP-Security-Sessions
#SM05
#DSM
#log-off
#portal-log-off
#session.

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,