SAP Knowledge Base Article - Preview

1585966 - Code injection vulnerability in RSMSSPARTDRIV_FORMS v6.40

Symptom

  • Include RSMSSPARTDRIV_FORMS allows to execute arbitrary program code of the user's choice.
  • A malicious user that has a valid and authenticated R/3 account can therefore inject and run his/her own code e.g. to escalate privileges by executing malicious code without legitimate own credentials, perform a denial of service (DoS) attack, etc.
  • SAP Note 1499206 does not list corrections for SAP_BASIS 640.

Read more...

Environment

  • SAP NetWeaver 2004 Application Server for ABAP with SAP_BASIS Release 640

Product

SAP NetWeaver 2004

Keywords

RSMSSPARTDRIV, backdoor, vulnerabilities, security, credentials, injection, inject own code, run own code, malicious user, malicious code, escalate privileges, denial of service attack (DoS) , KBA , BC-DB-MSS , SQL Server in SAP NetWeaver Products , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.