Описание
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:erp_financial_accounting:618:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_financial_accounting:720:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_600:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_602:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_603:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_604:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_localization_for_cee_countries:c-cee_110_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:100:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:101:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4hana:108:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00187
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
NVD-CWE-Other
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted.
EPSS
Процентиль: 40%
0.00187
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-863
NVD-CWE-Other