Symptom
- Include RSMSSPARTDRIV_FORMS allows to execute arbitrary program code of the user's choice.
- A malicious user that has a valid and authenticated R/3 account can therefore inject and run his/her own code e.g. to escalate privileges by executing malicious code without legitimate own credentials, perform a denial of service (DoS) attack, etc.
- SAP Note 1499206 does not list corrections for SAP_BASIS 640.
Read more...
Environment
- SAP NetWeaver 2004 Application Server for ABAP with SAP_BASIS Release 640
Product
SAP NetWeaver 2004
Keywords
RSMSSPARTDRIV, backdoor, vulnerabilities, security, credentials, injection, inject own code, run own code, malicious user, malicious code, escalate privileges, denial of service attack (DoS) , KBA , BC-DB-MSS , SQL Server in SAP NetWeaver Products , Problem
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.