Описание
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:erp_human_capital_management:600:*:*:*:portugal:*:*:*
cpe:2.3:a:sap:erp_human_capital_management:604:*:*:*:portugal:*:*:*
cpe:2.3:a:sap:erp_human_capital_management:608:*:*:*:portugal:*:*:*
EPSS
Процентиль: 41%
0.00187
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
CWE-862
Связанные уязвимости
CVSS3: 6.5
github
почти 4 года назад
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts.
EPSS
Процентиль: 41%
0.00187
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-862
CWE-862