Описание
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application.
EPSS
Процентиль: 20%
0.00065
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 5.5
github
больше 1 года назад
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application.
EPSS
Процентиль: 20%
0.00065
Низкий
5.5 Medium
CVSS3
Дефекты
CWE-862