Описание
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected.
EPSS
7.1 High
CVSS3
Дефекты
Связанные уязвимости
Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected.
Уязвимость компонента Financials General Ledger программной платформы SAP S/4HANA, позволяющая нарушителю получить доступ на чтение и изменение данных
EPSS
7.1 High
CVSS3