Skip links
RedRays - Your SAP Security Solution
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Unauthorized usage of ME_SWP services, SAP security note 1531512

Description

A malicious user can trigger functionalities in the Supplier Workplace services without authentication and authorization. The user can perform actions for which he has no authorization.
The following services can be affected and have now been protected.

ME_SWP_ALERT
ME_SWP_SRI
ME_SWP_IV
ME_SWP_PDI
ME_SWP_PH
ME_SWP_CO
ME_SWP
ME_SWP_GUI

Available fix and Supported packages

  • SAP_APPL | 500 | 500
  • SAP_APPL | 600 | 600
  • SAP_APPL | 602 | 602
  • SAP_APPL | 603 | 603
  • SAP_APPL | 604 | 604
  • SAP_APPL | 605 | 605
  • SAP_APPL 600 | SAPKH60019 |
  • SAP_APPL 602 | SAPKH60209 |
  • SAP_APPL 603 | SAPKH60308 |
  • SAP_APPL 604 | SAPKH60409 |
  • SAP_APPL 605 | SAPKH60504 |
  • SAP_APPL 500 | SAPKH50025 |

Affected component

    IS-A-SWP
    Supplier Workplace

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1531512

TAGS

#Cross-Site-Request-Forgery
#XSRF
#ITS
#SWP-services
#ME_SWP

More to explorer

SAP Cloud Connector Certificate Validation Issue

February 13, 2024

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,