Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

November 13, 2015
10:10 am

Unauthorized execution of functions in IS-Media, SAP security note 1507735

Description

A malicious user can execute functions in IS-Media without authentication and authorization.

Available fix and Supported packages

IS-M | 471 | 471
IS-M | 472 | 472
IS-M | 600 | 600
IS-M | 602 | 602
IS-M | 603 | 603
IS-M | 604 | 604
IS-M | 605 | 605
IS-M 471 | SAPKIPPM26 |
IS-M 472 | SAPKIPPN20 |
IS-M 600 | SAPK-60019INISM |
IS-M 602 | SAPK-60209INISM |
IS-M 603 | SAPK-60308INISM |
IS-M 604 | SAPK-60409INISM |
IS-M 605 | SAPK-60503INISM |
IS-M 471 | SAPKIPPM27 |
IS-M 472 | SAPKIPPN21 |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1507735

TAGS

#Cross-Site-Request-Forgery
#XSRFBusiness-Server-Page
#BSP
#SAP-Internet-Transaction-Server
#ITS
#IAC
#Internet-Application-Component
#Internet-application

More to explorer

Time to give back, RedRays

RedRays Offers Support to Startups Listing on SAP Store

February 26, 2023

RedRays is a startup that was founded in January 2021. Throughout our journey, we have been fortunate to receive support and guidance

Threat Modeling: An Overview of PASTA Methodology

February 23, 2023

I would like to briefly introduce the Threat Modeling methodology in this blog post. This will be the initial part of the

SAP Security Patch Day – February 2023

February 14, 2023

SAP Security Patch Day is a monthly event during which SAP releases security updates for their software products. These updates address potential

3242933 – [CVE-2022-39802] File path traversal vulnerability in SAP Manufacturing Execution

October 12, 2022

General information Risk: CRITICAL Versions Affected:SAP MFG EXECUTION CORE 15.1SAP MFG EXECUTION CORE 15.2SAP MFG EXECUTION CORE 15.3Vendor URL: https://sap.comBug: File path traversal