Unauthorized usage of appl. functionality in Plant Manager, SAP security note 1525664

Description

A malicious user can trigger functionality in Plant Manager 1.0 without authentication and authorization.

Note the following:
Plant Manager 1.0 is marked as obsolete as of Release ERP 2005 and it is replaced by Plant Manager 2.0.
Plant Manager 2.0 uses different technology and is therefore not affected.

Available fix and Supported packages

SAP_APPL | 500 | 500
SAP_APPL | 600 | 600
SAP_APPL | 602 | 602
SAP_APPL | 603 | 603
SAP_APPL | 604 | 604
SAP_APPL | 605 | 605
SAP_APPL 500 | SAPKH50024 |
SAP_APPL 600 | SAPKH60019 |
SAP_APPL 602 | SAPKH60209 |
SAP_APPL 603 | SAPKH60308 |
SAP_APPL 604 | SAPKH60409 |
SAP_APPL 605 | SAPKH60504 |
SAP_APPL 500 | SAPKH50025 |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1525664

Arpine Maghakyan

Unauthorized usage of appl. functionality in Plant Manager, SAP security note 1525664

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Cross-Site-Request-Forgery
#XSRF
#Business-Server-Pages
#BSP

More to explorer

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

SAP Security Patch Day – May 2023

RedRays Offers Support to Startups Listing on SAP Store

Arpine Maghakyan

Unauthorized usage of appl. functionality in Plant Manager, SAP security note 1525664

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Cross-Site-Request-Forgery#XSRF#Business-Server-Pages#BSP

More to explorer

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

AI-powered Password Testing for ABAP stack

SAP Security Patch Day – May 2023

RedRays Offers Support to Startups Listing on SAP Store

#Cross-Site-Request-Forgery
#XSRF
#Business-Server-Pages
#BSP