FPE2M Missing Authorization Check, SAP security note 1478420

Description

An authenticated user can use functionality of transaction FPE2M (Mass document change) to which access should be restricted. This can potentially result in an Escalation of Privileges.

Available fix and Supported packages

FI-CA | 471 | 471
FI-CA | 472 | 472
FI-CA | 600 | 600
FI-CA | 602 | 602
FI-CA | 603 | 603
FI-CA | 604 | 604
FI-CA | 605 | 605
FI-CA 471 | SAPKIPC725 |
FI-CA 472 | SAPKIPC819 |
FI-CA 600 | SAPK-60018INFICA |
FI-CA 602 | SAPK-60208INFICA |
FI-CA 603 | SAPK-60307INFICA |
FI-CA 604 | SAPK-60407INFICA |
FI-CA 605 | SAPK-60502INFICA |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1478420

Vahagn Vardanian

FPE2M Missing Authorization Check, SAP security note 1478420

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Authorization
#authorization-check

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Vahagn Vardanian

FPE2M Missing Authorization Check, SAP security note 1478420

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Authorization#authorization-check

More to explorer

SAP Security Patch Day – November 2024

How the SAP Penetration Testing Process at RedRays Works

Local Privilege Escalation Vulnerability in SAP SAPControl

[PoC] SAP PING PONG – XSS and URL Redirection Vulnerabilities

Special offer for SAP Security Udemy course!

$ 9.99

#Authorization
#authorization-check