Description
SAP S/4HANA for Financial Products Subledger uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties.
Available fix and Supported packages
- S4FPSL | 100 | 100
- S4FPSL 100 | SAPK-10003INS4FPSL |
Affected component
- FS-FPS
Financial Products Subledger
CVSS
Score: 4.7
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2897612