Описание
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:abap_platform:758:*:*:*:*:*:*:*
cpe:2.3:a:sap:abap_platform:795:*:*:*:*:*:*:*
EPSS
Процентиль: 31%
0.00121
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.3
github
почти 2 года назад
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.
EPSS
Процентиль: 31%
0.00121
Низкий
4.3 Medium
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-862