Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

User check in TH_REMOTE_TRANSACTION/TH_SAP_LOGIN, SAP security note 440221

Description

When you call the TH_REMOTE_TRANSACTION function module, a dialog can also be opened if you use a non-dialog user in the RFC destination being used.

Available fix and Supported packages

  • SAP_BASIS | 46B | 46D
  • SAP_BASIS | 610 | 610
  • SAP_BASIS 46B | SAPKB46B34 |
  • SAP_BASIS 46C | SAPKB46C26 |
  • SAP_BASIS 46D | SAPKB46D15 |
  • SAP_BASIS 610 | SAPKB61007 |
  • SAP_BASIS 610 | SAPKB61030 |
  • SAP_BASIS 46C | SAPKB46C42 |
  • SAP_BASIS 46D | SAPKB46D31 |
  • SAP_BASIS 46B | SAPKB46B51 |

Affected component

    BC-CST-DP
    Dispatcher, Task Handler

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/440221

TAGS

#TH_REMOTE_LOGIN
#TH_SAP_LOGIN
#RFC
#user

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,