Описание
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
Ссылки
- Permissions Required
- Vendor Advisory
- Permissions Required
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:s4core:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4coreop:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4coreop:105:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4coreop:106:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4coreop:107:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4coreop:108:*:*:*:*:*:*:*
EPSS
Процентиль: 58%
0.00359
Низкий
7.7 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 7.7
github
больше 1 года назад
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
EPSS
Процентиль: 58%
0.00359
Низкий
7.7 High
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-862