Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Update 2 to security note 1651004, SAP security note 1839511

Description

Security note 1651004 has been rereleased due to missing validity entries. Newly-added releases that are affected are listed below:
SAP J2EE ENGINE 640 SP26, SP27, SP28, SP29
PORTAL PLATFORM 6.0_640 SP26, SP27, SP28, SP29

SAP J2EE ENGINE 700 SP23, SP24, SP25, SP26
SAP J2EE ENGINE CORE 700 SP23, SP24, SP25, SP26
SAP JAVA TECH SERVICES 700 SP23, SP24, SP25, SP26
PORTAL FRAMEWORK 700 SP23, SP24, SP25, SP26

SAP J2EE ENGINE 701 SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 701 SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 701 SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 701 SP07, SP08, SP09, SP10

SAP J2EE ENGINE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP J2EE ENGINE CORE 702 SP05, SP06, SP07, SP08, SP09, SP10
SAP JAVA TECH SERVICES 702 SP05, SP06, SP07, SP08, SP09, SP10
PORTAL FRAMEWORK 702 SP05, SP06, SP07, SP08, SP09, SP10

Available fix and Supported packages

  • EP-PSERV | 6.0_640 | 6.0_640
  • SAP-JEE | 6.40 | 6.40
  • SAP-JEE | 7.00 | 7.00
  • SAP_JTECHS | 7.00 | 7.01
  • SAP-JEECOR | 7.00 | 7.00
  • SAP-JEECOR | 7.01 | 7.01

Affected component

    BC-JAS-SEC
    Security, User Management

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1839511

TAGS

#cross-frame-scripting
#XFS
#logon-application
#update
#update-note

More to explorer