Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Unauthorized use of application functions in WEBCUIF, SAP security note 1590555

Description

An attacker can execute functions in WEBCUIF without authentication and authorization.

Available fix and Supported packages

  • CRMUIF | 520 | 520
  • CRMUIF | 600 | 600
  • WEBCUIF | 700 | 700
  • WEBCUIF | 701 | 701
  • WEBCUIF | 730 | 730
  • CRMUIF 520 | SAPK-52013INCRMUIF |
  • CRMUIF 600 | SAPK-60014INCRMUIF |
  • WEBCUIF 700 | SAPK-70011INWEBCUIF |
  • WEBCUIF 701 | SAPK-70107INWEBCUIF |
  • WEBCUIF 730 | SAPK-73003INWEBCUIF |

Affected component

    CA-WUI-UI
    User Interface

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1590555

TAGS

#Cross-site-request-forgery
#XSRF
#WEBCUIF

More to explorer