Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

June 22, 2010
12:28 pm

Unauthorized executing of functions in Web Dynpro ABAP, SAP security note 1430970

Description

An attacker can execute functions of Web Dynpro ABAP applications without the relevant authentication and authorization.

Available fix and Supported packages

SAP_BASIS | 700 | 702
SAP_BASIS | 710 | 720
SAP_BASIS 710 | SAPKB71010 |
SAP_BASIS 700 | SAPKB70022 |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1430970

TAGS

#Cross-site-request-forgery
#XSRF
#Web-Dynpro-ABAP

More to explorer

Urgent Security Notice

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

June 2, 2023

RedRays has made an alarming discovery through their rigorous internet data monitoring and analysis: significant breaches involving user logins and passwords of

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

June 1, 2023

Application: SAP NetWeaver AS JavaVersions Affected: SAP NetWeaver Development Infrastructure Component Build Service versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50Vendor URL:

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

May 24, 2023

Introduction The P4 protocol is important in Java remote communication, mainly with Java Naming and Directory Interface (JNDI) and Java Remote Method

AI-powered Password Testing for ABAP stack

May 12, 2023

Greetings, I am glad to inform you about a significant development in the RedRays Security Platform for the ABAP stack. We have created a