Skip links
RedRays - Your SAP Security Solution
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Security problem with user parameter ‘ -TV’, SAP security note 574214

Description

By entering the ‘-TV’ user parameter with transaction SU01, SU3 or one of the BAPIs belonging to the USER BOR object into a user master record, the behavior of the transaction start authorization check is changed.
This represents a security problem.

Available fix and Supported packages

  • SAP_APPL | 45B | 45B
  • SAP_BASIS | 46B | 46D
  • SAP_BASIS | 610 | 620
  • SAP_APPL 45B | SAPKH45B59 |
  • SAP_BASIS 46C | SAPKB46C40 |
  • SAP_BASIS 46D | SAPKB46D29 |
  • SAP_BASIS 610 | SAPKB61028 |
  • SAP_BASIS 46B | SAPKB46B49 |
  • SAP_BASIS 620 | SAPKB62016 |

Affected component

    BC-SEC
    Security – Read KBA 2985997 for subcomponents

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/574214

TAGS

#

More to explorer

SAP Cloud Connector Certificate Validation Issue

February 13, 2024

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,