Skip links
RedRays - Your SAP Security Solution
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Update 2 to security note 1651004, SAP security note 1839511

Description

Security note 1651004 has been rereleased due to missing validity entries. Newly-added releases that are affected are listed below:
SAP J2EE ENGINE 640 SP26, SP27, SP28, SP29
PORTAL PLATFORM 6.0_640 SP26, SP27, SP28, SP29

SAP J2EE ENGINE 700 SP23, SP24, SP25, SP26
SAP J2EE ENGINE CORE 700 SP23, SP24, SP25, SP26
SAP JAVA TECH SERVICES 700 SP23, SP24, SP25, SP26
PORTAL FRAMEWORK 700 SP23, SP24, SP25, SP26

SAP J2EE ENGINE 701 SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 701 SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 701 SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 701 SP07, SP08, SP09, SP10

SAP J2EE ENGINE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 702 SP05, SP06, SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 702 SP05, SP06, SP07, SP08, SP09, SP10

Available fix and Supported packages

  • EP-PSERV | 6.0_640 | 6.0_640
  • SAP-JEE | 6.40 | 6.40
  • SAP-JEE | 7.00 | 7.00
  • SAP_JTECHS | 7.00 | 7.01
  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 7.01 | 7.01

Affected component

    BC-JAS-SEC
    Security, User Management

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1839511

TAGS

#cross-frame-scripting
#XFS
#logon-application
#update
#update-note

More to explorer

SAP Cloud Connector Certificate Validation Issue

February 13, 2024

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,