Описание
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
Ссылки
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_710:*:*:*:*:*:*:*
cpe:2.3:a:sap:sap_solution_manager_system:2008_1_740:*:*:*:*:*:*:*
EPSS
Процентиль: 44%
0.0022
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).
EPSS
Процентиль: 44%
0.0022
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862