{"id":641,"date":"2013-07-04T08:11:12","date_gmt":"2013-07-04T16:11:12","guid":{"rendered":"http:\/\/davatec.com\/corp\/?p=641"},"modified":"2014-11-13T12:04:18","modified_gmt":"2014-11-13T20:04:18","slug":"sap-security-notes-advisory-june-2013","status":"publish","type":"post","link":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/","title":{"rendered":"SAP Security Notes June 2013"},"content":{"rendered":"<p style=\"text-align: justify;\">Welcome to our first SAP Security Advisory Post. Depending on feedback, we will outline all SAP Security notes issued by SAP each following month and make these available to you. As you know, each SAP Security with vulnerabilities is generally rated with a <b><i>Common Vulnerability Scoring System<\/i><\/b> (CVSS V 2.0) code. The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. SAP is adopting <a href=\"http:\/\/www.first.org\/cvss\/cvss-guide.html\" target=\"_blank\">CVSS version 2.0.<\/a><\/p>\n<blockquote>\n<p style=\"text-align: justify;\">The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities. CVSS consists of 3 groups: Base, Temporal and Environmental. Each group produces a numeric score ranging from 0 to 10, and a Vector, a compressed textual representation that reflects the values used to derive the score. The Base group represents the intrinsic qualities of a vulnerability. The Temporal group reflects the characteristics of a vulnerability that change over time. The Environmental group represents the characteristics of a vulnerability that are unique to any user&#8217;s environment. CVSS enables IT managers, vulnerability bulletin providers, security vendors, application vendors and researchers to all benefit by adopting this common language of scoring IT vulnerabilities.<\/p>\n<\/blockquote>\n<p>We will issue tips &amp; tricks and additional Vulnerability issues in future Newsletters as well as what your organization can do to be prepared and informed about potential risks to your SAP infrastructure. Below the outline of all SAP Security notes issued in June 2013:<!--more-->In June 2013, SAP released 33 security related OSS notes. Below the statistics:<\/p>\n<ul>\n<li>8 Notes are not rated with a CVSS score<\/li>\n<li>11 Notes are rated with a CVSS score between 3.5 to 5.0<\/li>\n<li>15 Notes are rated with a CVSS score of 6 and above<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<table width=\"608\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td width=\"65\" height=\"20\"><strong>Number<\/strong><\/td>\n<td width=\"393\"><strong>Short text<\/strong><\/td>\n<td width=\"85\"><strong>Released<\/strong> On<\/td>\n<td width=\"65\"><strong>CVSS<\/strong><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1820777<\/td>\n<td>Update 1 to SAP security note 1755108<\/td>\n<td>24.06.2013<\/td>\n<td>7.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1838814<\/td>\n<td>Unauthorized modification of stored content in cFolders<\/td>\n<td>10.06.2013<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1842218<\/td>\n<td>Missing authorization check in PS<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1842406<\/td>\n<td>Missing authorization check in in package SICM<\/td>\n<td>10.06.2013<\/td>\n<td>3.50<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1843082<\/td>\n<td>Missing authorization check in RSDUMPSOURCE<\/td>\n<td>10.06.2013<\/td>\n<td>4.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1844202<\/td>\n<td>SUIM| RSUSR002 User &amp;#39;&#8230;&#8230;&#8230;&#8230;&amp;#39; is not found<\/td>\n<td>10.06.2013<\/td>\n<td>4.60<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1846952<\/td>\n<td>Missing authorization check in BPC Web Services<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1847645<\/td>\n<td>Missing authorization check in BC-BMT-WFM<\/td>\n<td>10.06.2013<\/td>\n<td>3.60<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1848319<\/td>\n<td>Missing authorization check in BC-ABA-TV<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1848996<\/td>\n<td>Missing authorization check in BC-ILM-LCM<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1849559<\/td>\n<td>Code injection vulnerability in BW-WHM-DST<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1849744<\/td>\n<td>Missing authorization check in SAP_BASIS<\/td>\n<td>10.06.2013<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\"><span style=\"color: #ff0000;\">1851914<\/span><\/td>\n<td><span style=\"color: #ff0000;\">Potential remote code execution in EAServer<\/span><\/td>\n<td><span style=\"color: #ff0000;\">10.06.2013<\/span><\/td>\n<td><span style=\"color: #ff0000;\">10.00<\/span><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\"><span style=\"color: #000000;\">1852064<\/span><\/td>\n<td>Directory traversal in EAServer<\/td>\n<td>10.06.2013<\/td>\n<td>7.50<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1853161<\/td>\n<td>Privilege Escalation in ABAP Source Code Editor<\/td>\n<td>10.06.2013<\/td>\n<td>3.60<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1853852<\/td>\n<td>Missing authorization check in IS-B-BCA<\/td>\n<td>10.06.2013<\/td>\n<td>4.90<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\"><span style=\"color: #ff0000;\">1858107<\/span><\/td>\n<td><span style=\"color: #ff0000;\">Potential disclosure of persisted data in EAServer<\/span><\/td>\n<td><span style=\"color: #ff0000;\">10.06.2013<\/span><\/td>\n<td><span style=\"color: #ff0000;\">7.80<\/span><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1630309<\/td>\n<td>Unauthorized modification in BSP application in CRM-IC-FRW<\/td>\n<td>10.06.2013<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1753737<\/td>\n<td>Unauthorized modification of displayed content in BOE<\/td>\n<td>10.06.2013<\/td>\n<td>4.30<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1774270<\/td>\n<td>Update 1 to security note 1500050<\/td>\n<td>10.06.2013<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1774432<\/td>\n<td>Missing authorization check in ST-PI<\/td>\n<td>10.06.2013<\/td>\n<td>4.60<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1781594<\/td>\n<td>Code injection vulnerability in component BC-SRV-ALV<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1805024<\/td>\n<td>Missing authorization check in SAP profile functions<\/td>\n<td>10.06.2013<\/td>\n<td>6.80<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1806098<\/td>\n<td>Unauthorized Use of Application Functions in REST Interface<\/td>\n<td>10.06.2013<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1816331<\/td>\n<td>Code injection vulnerability in BC-SRV-ALV<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1816989<\/td>\n<td>Potential information disclosure relating to EPCM data bag<\/td>\n<td>10.06.2013<\/td>\n<td>5.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1822847<\/td>\n<td>Potential information disclosure in PI<\/td>\n<td>10.06.2013<\/td>\n<td>4.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1826162<\/td>\n<td>Update 1 to security note 1674132<\/td>\n<td>10.06.2013<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1831463<\/td>\n<td>Potential modification of persisted data in upgrade tools<\/td>\n<td>10.06.2013<\/td>\n<td>4.90<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1831985<\/td>\n<td>Command injection vulnerability in SAP Netweaver IdM<\/td>\n<td>10.06.2013<\/td>\n<td><\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1834935<\/td>\n<td>Missing authorization check in LO-GT-TEW<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1835666<\/td>\n<td>Missing authorization check in PDS_MAINT<\/td>\n<td>10.06.2013<\/td>\n<td>6.00<\/td>\n<\/tr>\n<tr>\n<td align=\"right\" height=\"20\">1836717<\/td>\n<td>Hard-coded profiles in BW-BEX-ET<\/td>\n<td>10.06.2013<\/td>\n<td>6.50<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">The SAP note with the highest score is <b><span style=\"text-decoration: underline;\"><a href=\"http:\/\/service.sap.com\/sap\/support\/notes\/0001851914\">1851914<\/a> Potential remote code execution in EAServer<\/span><\/b><b>:<\/b> This Note addresses the issue where an attacker can exploit EAServer to enable them to remote code execution, including viewing, changing, or deleting data. We advise you, if this note is of interest to you, to review the following 2 notes as well as these are also related to EAServer:<\/p>\n<table width=\"553\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"66\">1852064<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"393\">Directory traversal in EAServer<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"85\">please review<\/td>\n<\/tr>\n<tr>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"66\">1858107<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"393\">Potential disclosure of persisted data in EAServer<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"85\">please review<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">We recommend that companies review the high priority notes published on the SAP Service marketplace and apply these without delays after validating the impact to your business operations.<\/p>\n<p>Below a few other notes that are worth to review as these are interesting and SAP puts a High Priority to have these notes applied to your system:<\/p>\n<table width=\"460\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"66\">\n<p align=\"right\"><b>1781594<\/b><\/p>\n<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"393\"><b>Code injection vulnerability in component BC-SRV-ALV<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">The program code contains a possibility to define and execute user-defined code that changes the behavior of the system. A valid and authenticated user is required. Depending on the code, the user can: inject and run their own code, obtain additional information that should not be displayed, modify data, delete data, modify the output of the system, create new users with higher privileges, perform a denial of service attack.<\/p>\n<p>&nbsp;<\/p>\n<table width=\"460\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"66\">\n<p align=\"right\"><b>1805024<\/b><\/p>\n<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"393\"><b>Missing authorization check in SAP profile functions<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">The functions of the SAP profile do not contain authorization checks for checking an authenticated user&#8217;s authorization to access some of its functions. This may result in undesired system behavior.<\/p>\n<p>&nbsp;<\/p>\n<table width=\"460\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"66\">\n<p align=\"right\"><b>1831985<\/b><\/p>\n<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"393\"><b>Command injection vulnerability in SAP Netweaver IdM<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">An end user can assign himself any business role or potentially also any privilege without that an approval is done. A valid and authenticated user is required.<\/p>\n<p>&nbsp;<\/p>\n<table width=\"460\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"66\">\n<p align=\"right\"><b>1836717<\/b><\/p>\n<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"393\"><b>Hard-coded profiles in BW-BEX-ET<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">The vulnerability is caused by a hard-coded profile in the program&#8217;s source code. An attacker who specifies these credentials can log on to the system without having been assigned legitimate access by the system administrator(s). If a user already has privileges with which they can log on, an escalation of privileges may be possible if the hard-coded account has higher access rights than the original user.<\/p>\n<p>&nbsp;<\/p>\n<table width=\"460\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"66\">\n<p align=\"right\"><b>1806098<\/b><\/p>\n<\/td>\n<td valign=\"bottom\" nowrap=\"nowrap\" width=\"393\"><b>Unauthorized Use of Application Functions in REST Interface<\/b><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p style=\"text-align: justify;\">The SAP NetWeaver Identity Management 7.2 REST interface with version identifier &#8220;v72alpha&#8221; executes certain functions by referencing specific URLs.<\/p>\n<p style=\"text-align: justify;\">When an attacker tricks an authenticated user&#8217;s browser into making a request containing a certain URL and specific parameters, the function is executed with the rights of the authenticated user. This applies to all modification operations provided by the REST interface.<\/p>\n<p style=\"text-align: justify;\">The attacker may use a cross-site scripting attack to do this, or they may present a link to the victim.<\/p>\n<p style=\"text-align: justify;\">Please leave your comments and\/or discuss this post with others. Your expertise is highly appreciated!<\/p>\n<p style=\"text-align: justify;\">\n","protected":false},"excerpt":{"rendered":"<p>Welcome to our first SAP Security Advisory Post. Depending on feedback, we will outline all SAP Security notes issued by SAP each following month and make these available to you. As you know, each SAP Security with vulnerabilities is generally <a class=\"more-link\" href=\"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/\">Continue reading <span class=\"screen-reader-text\">  SAP Security Notes June 2013<\/span><span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,36],"tags":[],"class_list":["post-641","post","type-post","status-publish","format-standard","hentry","category-sap-news","category-security-advisory"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SAP Security Notes Advisory June 2013 -<\/title>\n<meta name=\"description\" content=\"SAP Vulnerability and Security issues\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SAP Security Notes Advisory June 2013 -\" \/>\n<meta property=\"og:description\" content=\"SAP Vulnerability and Security issues\" \/>\n<meta property=\"og:url\" content=\"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/\" \/>\n<meta property=\"article:published_time\" content=\"2013-07-04T16:11:12+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2014-11-13T20:04:18+00:00\" \/>\n<meta name=\"author\" content=\"Davatec Consulting\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Davatec Consulting\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/\"},\"author\":{\"name\":\"Davatec Consulting\",\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/#\\\/schema\\\/person\\\/cbf5bfd07d277e87a3c0adb490d628b6\"},\"headline\":\"SAP Security Notes June 2013\",\"datePublished\":\"2013-07-04T16:11:12+00:00\",\"dateModified\":\"2014-11-13T20:04:18+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/\"},\"wordCount\":941,\"articleSection\":[\"SAP News\",\"Security Advisory\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/\",\"url\":\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/\",\"name\":\"SAP Security Notes Advisory June 2013 -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/#website\"},\"datePublished\":\"2013-07-04T16:11:12+00:00\",\"dateModified\":\"2014-11-13T20:04:18+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/#\\\/schema\\\/person\\\/cbf5bfd07d277e87a3c0adb490d628b6\"},\"description\":\"SAP Vulnerability and Security issues\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/sap-security-notes-advisory-june-2013\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/davatec.com\\\/corp\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SAP Security Notes June 2013\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/#website\",\"url\":\"https:\\\/\\\/davatec.com\\\/corp\\\/\",\"name\":\"\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/davatec.com\\\/corp\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/davatec.com\\\/corp\\\/#\\\/schema\\\/person\\\/cbf5bfd07d277e87a3c0adb490d628b6\",\"name\":\"Davatec Consulting\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fa3d04e976560ef6f5ebd7276e4ba1571a4ebf8d097321b3d4df986ebd1642b0?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fa3d04e976560ef6f5ebd7276e4ba1571a4ebf8d097321b3d4df986ebd1642b0?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/fa3d04e976560ef6f5ebd7276e4ba1571a4ebf8d097321b3d4df986ebd1642b0?s=96&d=mm&r=g\",\"caption\":\"Davatec Consulting\"},\"url\":\"https:\\\/\\\/davatec.com\\\/corp\\\/author\\\/webmeister\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SAP Security Notes Advisory June 2013 -","description":"SAP Vulnerability and Security issues","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/","og_locale":"en_US","og_type":"article","og_title":"SAP Security Notes Advisory June 2013 -","og_description":"SAP Vulnerability and Security issues","og_url":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/","article_published_time":"2013-07-04T16:11:12+00:00","article_modified_time":"2014-11-13T20:04:18+00:00","author":"Davatec Consulting","twitter_misc":{"Written by":"Davatec Consulting","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/#article","isPartOf":{"@id":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/"},"author":{"name":"Davatec Consulting","@id":"https:\/\/davatec.com\/corp\/#\/schema\/person\/cbf5bfd07d277e87a3c0adb490d628b6"},"headline":"SAP Security Notes June 2013","datePublished":"2013-07-04T16:11:12+00:00","dateModified":"2014-11-13T20:04:18+00:00","mainEntityOfPage":{"@id":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/"},"wordCount":941,"articleSection":["SAP News","Security Advisory"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/","url":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/","name":"SAP Security Notes Advisory June 2013 -","isPartOf":{"@id":"https:\/\/davatec.com\/corp\/#website"},"datePublished":"2013-07-04T16:11:12+00:00","dateModified":"2014-11-13T20:04:18+00:00","author":{"@id":"https:\/\/davatec.com\/corp\/#\/schema\/person\/cbf5bfd07d277e87a3c0adb490d628b6"},"description":"SAP Vulnerability and Security issues","breadcrumb":{"@id":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/davatec.com\/corp\/sap-security-notes-advisory-june-2013\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/davatec.com\/corp\/"},{"@type":"ListItem","position":2,"name":"SAP Security Notes June 2013"}]},{"@type":"WebSite","@id":"https:\/\/davatec.com\/corp\/#website","url":"https:\/\/davatec.com\/corp\/","name":"","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/davatec.com\/corp\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/davatec.com\/corp\/#\/schema\/person\/cbf5bfd07d277e87a3c0adb490d628b6","name":"Davatec Consulting","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/fa3d04e976560ef6f5ebd7276e4ba1571a4ebf8d097321b3d4df986ebd1642b0?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/fa3d04e976560ef6f5ebd7276e4ba1571a4ebf8d097321b3d4df986ebd1642b0?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fa3d04e976560ef6f5ebd7276e4ba1571a4ebf8d097321b3d4df986ebd1642b0?s=96&d=mm&r=g","caption":"Davatec Consulting"},"url":"https:\/\/davatec.com\/corp\/author\/webmeister\/"}]}},"_links":{"self":[{"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/posts\/641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/comments?post=641"}],"version-history":[{"count":13,"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/posts\/641\/revisions"}],"predecessor-version":[{"id":669,"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/posts\/641\/revisions\/669"}],"wp:attachment":[{"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/media?parent=641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/categories?post=641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/davatec.com\/corp\/wp-json\/wp\/v2\/tags?post=641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}