Description
Banking Services does not perform the necessary authorization checks for an authenticated user. A malicious user can therefore make wrong and unexpected changes to individual conditions, leading to wrong prices.
Some well-known impacts of a missing authorization check are:
- abuse of functionality restricted to a particular user group
- modification or deletion of restricted data
Available fix and Supported packages
Software component | From release | To release
- SAP_ABA | 710 | 711
- SAP_ABA | 740 | 740
- SAP_ABA | 750 | 752
- SAP_ABA | 75A | 75E
Software component and release | Support package
- | SAPK-781BHINSAPBASIS
- SAP_ABA 711 | SAPKA71120
- SAP_ABA 740 | SAPKA74024
- SAP_ABA 751 | SAPK-75111INSAPABA
- SAP_ABA 75B | SAPK-75B11INSAPABA
- SAP_ABA 752 | SAPK-75207INSAPABA
- SAP_ABA 75C | SAPK-75C07INSAPABA
- SAP_ABA 75D | SAPK-75D05INSAPABA
- SAP_ABA 75E | SAPK-75E03INSAPABA
- SAP_ABA 750 | SAPK-75019INSAPABA
- SAP_ABA 75A | SAPK-75A19INSAPABA
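A patch-level check built from the release ranges and support packages listed above, as an added example that is not part of the original advisory or of SAP's tooling. It assumes the usual SAP_ABA package naming (three-character release followed by a two-digit SP level) and compares SP levels only, so a note implemented manually below the package level is not detected; the function names, status labels and the sample inventory are constructed for illustration.

```python
import re

# Release ranges and fix packages copied from the advisory text.
AFFECTED = [("710", "711"), ("740", "740"), ("750", "752"), ("75A", "75E")]
FIX_PACKAGES = [
    "SAPKA71120", "SAPKA74024", "SAPK-75111INSAPABA", "SAPK-75B11INSAPABA",
    "SAPK-75207INSAPABA", "SAPK-75C07INSAPABA", "SAPK-75D05INSAPABA",
    "SAPK-75E03INSAPABA", "SAPK-75019INSAPABA", "SAPK-75A19INSAPABA",
]
# SAPK-781BHINSAPBASIS is listed without a component, so it is left out here.

PKG_RE = re.compile(r"^SAPK(?:A|-)(?P<rel>[0-9A-Z]{3})(?P<sp>\d{2})(?:INSAPABA)?$")

def parse_package(name):
    """Split a SAP_ABA support package name into (release, SP level)."""
    m = PKG_RE.match(name.strip().upper())
    if not m:
        raise ValueError(f"unrecognised SAP_ABA package name: {name!r}")
    return m["rel"], int(m["sp"])

MIN_SP = dict(parse_package(p) for p in FIX_PACKAGES)

def in_affected_range(release):
    # Assumption: three-character release codes order lexicographically.
    return any(lo <= release <= hi for lo, hi in AFFECTED)

def check(release, sp_level):
    """Return 'not-listed', 'unknown', 'patched' or 'below-fix-level'."""
    release = release.strip().upper()
    if not in_affected_range(release):
        return "not-listed"   # release is outside every range in the advisory
    if release not in MIN_SP:
        return "unknown"      # in range, but no package is named (e.g. 710)
    return "patched" if int(sp_level) >= MIN_SP[release] else "below-fix-level"

def check_inventory(rows):
    return {host: check(rel, sp) for host, rel, sp in rows}

# Constructed sample inventory: (host, SAP_ABA release, SP level).
SAMPLE = [("bank-prd", "750", "0019"), ("bank-qas", "750", "0012"),
          ("bank-dev", "75C", "0007"), ("legacy", "710", "0015"),
          ("old", "702", "0020")]

if __name__ == "__main__":
    for host, status in check_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```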
Affected component
- FS-AM-PR-CD (Financial Conditions)
CVSS
Score: 6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2916562