CVE-2013-3061

Опубликовано: 01 мая 2013

Источник: nvd

CVSS2: 6.5

EPSS Низкий

Описание

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html
Broken Link
http://scn.sap.com/docs/DOC-8218
Broken Link
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare
Broken Link
https://service.sap.com/sap/support/notes/1691744
Permissions Required
http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html
Broken Link
http://scn.sap.com/docs/DOC-8218
Broken Link
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare
Broken Link
https://service.sap.com/sap/support/notes/1691744
Permissions Required

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:erp_central_component:-:*:*:*:*:*:*:*

cpe:2.3:a:sap:healthcare_industry_solution:-:*:*:*:*:*:*:*

EPSS

Процентиль: 54%

0.0031

Низкий

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-qmpq-8gm6-962x

github

больше 3 лет назад