Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Unauthorized usage of ME_SWP services, SAP security note 1531512

Description

A malicious user can trigger functionalities in the Supplier Workplace services without authentication and authorization. The user can perform actions for which he has no authorization.
The following services can be affected and have now been protected.

ME_SWP_ALERT
ME_SWP_SRI
ME_SWP_IV
ME_SWP_PDI
ME_SWP_PH
ME_SWP_CO
ME_SWP
ME_SWP_GUI

Available fix and Supported packages

  • SAP_APPL | 500 | 500
  • SAP_APPL | 600 | 600
  • SAP_APPL | 602 | 602
  • SAP_APPL | 603 | 603
  • SAP_APPL | 604 | 604
  • SAP_APPL | 605 | 605
  • SAP_APPL 600 | SAPKH60019 |
  • SAP_APPL 602 | SAPKH60209 |
  • SAP_APPL 603 | SAPKH60308 |
  • SAP_APPL 604 | SAPKH60409 |
  • SAP_APPL 605 | SAPKH60504 |
  • SAP_APPL 500 | SAPKH50025 |

Affected component

    IS-A-SWP
    Supplier Workplace

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1531512

TAGS

#Cross-Site-Request-Forgery
#XSRF
#ITS
#SWP-services
#ME_SWP

More to explorer