Description
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users.
Some well-known impacts of a faulty authentication check are:
- Unauthorized access (read, modify or delete) to sensitive information
- Unauthorized access to administrative or other privileged functionalities
Available fix and Supported packages
- SAP_EXTENDED_APP_SERVICES | 1 | 1
- SAP EXTENDED APP SERVICES 1 | SP000 | 010100
Affected component
- BC-XS-SEC: UAA and Security for HANA XSA engine
CVSS
Score: 9.4
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform.
URL
https://launchpad.support.sap.com/#/notes/2742027