Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Unreleased Internet Communication Framework services, SAP security note 626073

Description

Authorization checks are missing when you use Internet Communication Framework services that are intended for SAP-internal use only.

Available fix and Supported packages

  • SAP_BASIS | 610 | 640
  • SAP_BASIS | 700 | 702
  • SAP_BASIS | 710 | 730
  • SAP_BASIS 610 | SAPKB61034 |
  • SAP_BASIS 620 | SAPKB62026 |
  • SAP_BASIS 610 | SAPKB61038 |
  • SAP_BASIS 620 | SAPKB62033 |
  • SAP_BASIS 610 | SAPKB61039 |
  • SAP_BASIS 620 | SAPKB62038 |

Affected component

    BC-MID-ICF
    Internet Communication Framework

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/626073

TAGS

#Authorization
#report
#/sap/bc/report
#xrfc
#/sap/bc/xrfc
#FormToRfc
#/sap/bc/FormToRfc
#/sap/bc/echo
#/sap/bc/xrfc_test
#/sap/bc/error

More to explorer