See more – know more
State-of-the-art research for securing your SAP® systems. Request advisories by using the form below.
Advisories
| ID | Title | SAP Note | Fix Date | |
|---|---|---|---|---|
| BACK-06 | Backdoor that empowers users to remotely create a report | 1592312 | Jul 2011 | |
| BACK-03 | Backdoor that empowers users to remotely create function modules | 1589919 | Jul 2011 | |
| AUTH-14 | Unauthorized remote access to SAP profile parameters | 1565428 | Jul 2011 | |
| AUTH-01 | Incorrect authority check (S_DEVELOP) in CL_WDR_TRACE_TOOL | 1555846 | Jun 2011 | |
| FILE-01 | Remote access to server-side directory contents | 1555144 | Jun 2011 | |
| AUTH-04 | Insufficient authority check in report TZCUSTIM | 1563860 | Jun 2011 | |
| AUTH-17 | Unauthorized Remote Access to SAP profile parameters via Function Module PFL_GET_PARAMETER | 1572714 | May 2011 | |
| AUTH-16 | Unauthorized Remote Access to SAP profile parameters via Function Module RSPO_SXOMS_GET_PARAM | 1565444 | May 2011 | |
| BACK-02 | Backdoor that empowers users to remotely execute OS commands on an ABAP server via Function Module OIUH_SUBMIT_UNIX_CALL2 (IS-PRA) | 1558010 | May 2011 | |
| BACK-01 | Backdoor that empowers users to remotely execute OS commands on an ABAP server via Function Module OIUH_SUBMIT_UNIX_CALL (IS-PRA) | 1560360 | May 2011 | |
| AUTH-06 | Generic report starter in report RSTPDASTART_VERI | 1553907 | May 2011 | |
| BACK-05 | Backdoor that empowers unauthorized users to remotely start arbitrary reports via Function Module WZRE_BSP_RUNREPORT | 1557197 | Apr 2011 | |
| BACK-04 | Backdoor that empowers unauthorized users to remotely start arbitrary reports via Function Module HR99B_PARALLEL_REPORT_RUN | 1558284 | Apr 2011 | |
| FILE-02 | Remote access to server-side directory contents (ISU_M_L_FOLDER_SERVER) | 1558740 | Apr 2011 | |
| OSCMD-01 | Remote exploitable OS Command Execution vulnerability in Function Module SXPG_STEP_XPG_START | 1520462 | Jan 2011 | |
| SYS-01 | Multiple Buffer Overflows in ABAP SYSTEM-CALL command (SAP Basis) | 1493516 | Dec 2010 | |
| CARF-01 | Cross-Application Request Forgery vulnerability in SAP GUI | 1397000, 1526048 | Dec 2010 | |
| NSI-01 | Native SQL Injection in RFC-enabled Function Module (SAP Basis) | 1456569 | Dec 2010 | |
| KRN-05 | Buffer Overflow in SAP Kernel function (BUILD_DS_SPEC, ID OPSYS) | 1487330 | Oct 2010 | |
| KRN-04 | Buffer Overflow in SAP Kernel function (BUILD_DS_SPEC, ID PATH) | 1487330 | Oct 2010 | |
| KRN-03 | Buffer Overflow in SAP Kernel function (BUILD_DS_SPEC, ID FILENAME) | 1487330 | Oct 2010 | |
| KRN-02 | Buffer Overflow in SAP Kernel function (C_SAPGDEFPARAM) | 1487330 | Oct 2010 | |
| KRN-01 | Remote exploitable Buffer Overflow in SAP Kernel function (C_SAPGPARAM) | 1487330 | Oct 2010 | |
At the beginning of 2010, SAP started listing Virtual Forge and other organizations that actively contribute to a more secure SAP standard. Our activities have led to numerous corrections. For further details, log on to the SAP Service Marketplace with your S-User ID.
