Description
The Test Message tool in Runtime Workbench shows an SQL Exception when invalid input is used when saving a test message. A malicious user can use this to discover information relating to database data being used by PI. This information could be used to allow malicious users to specialize their attacks.
Available fix and Supported packages
- SAP_XITOOL | 7.10 | 7.11
- SAP_XITOOL | 7.30 | 7.30
- SAP_XITOOL | 7.31 | 7.31
- XI TOOLS 7.10 | SP008 | 000026
- XI TOOLS 7.10 | SP009 | 000022
- XI TOOLS 7.10 | SP010 | 000015
- XI TOOLS 7.10 | SP011 | 000012
- XI TOOLS 7.10 | SP013 | 000000
- XI TOOLS 7.11 | SP003 | 000026
- XI TOOLS 7.11 | SP004 | 000020
- XI TOOLS 7.11 | SP005 | 000008
- XI TOOLS 7.11 | SP006 | 000004
- XI TOOLS 7.11 | SP007 | 000000
- XI TOOLS 7.30 | SP001 | 000002
- XI TOOLS 7.30 | SP002 | 000001
- XI TOOLS 7.30 | SP003 | 000000
Affected component
- BC-XI-IS-WKB
Runtime Workbench / Monitoring
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/1559700