Missing Authorization check in SAP Yard Logistics, SAP security note 2317358

Description

Function Modules /SAPYL/SET_YT_STATUS_ASYNC, /SAPYL/WS_DOOR_ARR_DEP, /SAPYL/WS_LOAD_UNLOAD_NOTIF, /SAPYL/WS_QUERY_EXTERNAL_TU do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Some well-known impacts of Missing Authorization check are –

abuse functionality restricted to a particular user group
read, modify or delete restricted data

Available fix and Supported packages

SAPYL | 100 | 100
SAPYL 100 | SAPK-10002INSAPYL |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2317358

Vahagn Vardanian

Missing Authorization check in SAP Yard Logistics, SAP security note 2317358

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Access-control
#Authorization-error
#Authorization-profile
#RFC-Function-Modules
#SAP-Yard-Logistics

Explore More

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

Vahagn Vardanian

Missing Authorization check in SAP Yard Logistics, SAP security note 2317358

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Access-control#Authorization-error#Authorization-profile#RFC-Function-Modules#SAP-Yard-Logistics

Explore More

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

Special offer for SAP Security Udemy course!

$ 9.99

#Access-control
#Authorization-error
#Authorization-profile
#RFC-Function-Modules
#SAP-Yard-Logistics