Skip links

Correction of the user type for external candidates, SAP security note 1163694

Description

External candidates are created as dialog users for the logon when they are registered. As a result, if they know a user name and the application server, they can use SAP GUI to log on to the SAP E-Recruiting back-end system.

Available fix and Supported packages

  • ERECRUIT | 600 | 600
  • ERECRUIT | 603 | 603
  • ERECRUIT | 604 | 604
  • ERECRUIT 600 | SAPK-60014INERECRUIT |
  • ERECRUIT 603 | SAPK-60303INERECRUIT |
  • ERECRUIT 603 | SAPK-60304INERECRUIT |
  • ERECRUIT 600 | SAPK-60015INERECRUIT |
  • ERECRUIT 604 | SAPK-60402INERECRUIT |

Affected component

    PA-ER
    E-Recruiting

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1163694

TAGS

#

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies