Missing authority check in CA-MDG-APP-ISS, SAP security note 2025794

Description

An authenticated user can use functions of CA-MDG-APP-ISS (Integrated Self Service) to which access should be restricted. This may result in an escalation of privileges.

Available fix and Supported packages

SAP_APPL | 605 | 605
SAP_APPL | 606 | 606
SAP_APPL | 616 | 616
SAP_FIN | 617 | 617
SAP_FIN | 700 | 700
SAP_APPL 605 | SAPKH60513 |
SAP_APPL 606 | SAPKH60613 |
SAP_APPL 616 | SAPKH61608 |
SAP_FIN 617 | SAPK-61706INSAPFIN |
SAP_FIN 700 | SAPK-70003INSAPFIN |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2025794

Vahagn Vardanian

Missing authority check in CA-MDG-APP-ISS, SAP security note 2025794

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#ISS-FSSC-Authorization-authorization-check

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Vahagn Vardanian

Missing authority check in CA-MDG-APP-ISS, SAP security note 2025794

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#ISS-FSSC-Authorization-authorization-check

Explore More

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

RedRays AI for ABAP Code Security

Critical Vulnerabilities in SAP NetWeaver AS for JAVA (Adobe Document Services)

Special offer for SAP Security Udemy course!

$ 9.99