Описание
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:erp_human_capital_management:600:*:*:*:portugal:*:*:*
cpe:2.3:a:sap:erp_human_capital_management:604:*:*:*:portugal:*:*:*
cpe:2.3:a:sap:erp_human_capital_management:608:*:*:*:portugal:*:*:*
EPSS
Процентиль: 33%
0.00129
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
github
больше 3 лет назад
SAP ERP HCM Portugal does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
EPSS
Процентиль: 33%
0.00129
Низкий
4.3 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862