Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

December 14, 2010
1:12 pm

XSRF activation in ITS Services, SAP security note 1522651

Description

This Security Note has been updated. See Security Notes 1536087 and 1536193 for details.

It is possible to attack the SRM System using XSRF (Cross-Site Request Forgery).

Available fix and Supported packages

SAP_ABA | 640 | 640
SAP_ABA | 700 | 702
SRM_SERVER | 500 | 500
SRM_SERVER | 550 | 550
SAP_ABA 640 | SAPKA64028 |
SAP_ABA 700 | SAPKA70024 |
SRM_SERVER 500 | SAPKIBKS17 |
SRM_SERVER 550 | SAPKIBKT18 |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1522651

TAGS

#Security

More to explorer

Urgent Security Notice

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

June 4, 2023

Yerevan, 4 June 2023 – RedRays, a cybersecurity provider specializing in the protection of ERP systems, has recently made a disturbing discovery.

Urgent Security Notice

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

June 2, 2023

RedRays has made an alarming discovery through their rigorous internet data monitoring and analysis: significant breaches involving user logins and passwords of

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

June 1, 2023

Application: SAP NetWeaver AS JavaVersions Affected: SAP NetWeaver Development Infrastructure Component Build Service versions – 7.11, 7.20, 7.30, 7.31, 7.40, 7.50Vendor URL:

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

May 24, 2023

Introduction The P4 protocol is important in Java remote communication, mainly with Java Naming and Directory Interface (JNDI) and Java Remote Method