Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Security note Access to RFC-enabled modules via SOAP, SAP security note 1394100

Description

The unrequired execution of remote-enabled function modules occurs via SOAP and the HTTP channel if a particular ICF service was activated incorrectly, or if the definition of an RFC authorization was not restrictive enough.

Available fix and Supported packages

  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 730
  • SAP_BASIS | 72L | 72L

Affected component

    BC-MID-ICF
    Internet Communication Framework

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1394100

TAGS

#SOAP
#Simple-Object-Access-Protocol
#RFC
#Remote-Function-Call
#ICF
#Internet-Communication-Framework
#security

More to explorer