Описание
SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
4.3 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
Связанные уязвимости
SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.
Уязвимость платформы бизнес-аналитики SAP Business Objects Business Intelligence Platform, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести XSS-атаки
EPSS
4.3 Medium
CVSS3
4.3 Medium
CVSS3
4 Medium
CVSS2