Description
You can access transactions FPSEC1 (Create Security Deposit), FPSEC2 (Change Security Deposit) and FPSEC3 (Display Security Deposit) even though you do not have the required authorization.
The system did not execute the authorization check for the “Transaction” object (S_TCODE).
Available fix and Supported packages
- FI-CA | 464 | 464
- FI-CA | 471 | 471
- FI-CA | 472 | 472
- FI-CA | 600 | 600
- FI-CA | 602 | 602
- FI-CA | 603 | 603
- FI-CA | 604 | 604
- FI-CA 472 | SAPKIPC817 |
- FI-CA 600 | SAPK-60016INFICA |
- FI-CA 602 | SAPK-60206INFICA |
- FI-CA 603 | SAPK-60305INFICA |
- FI-CA 604 | SAPK-60404INFICA |
- FI-CA 464 | SAPKIPC631 |
- FI-CA 471 | SAPKIPC724 |
Affected component
- XX-PROJ-FI-CA
obsolete: Please use Component FI-CA instead
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1327917