You can use authorization objects to display or hide functions in applications. However, you can still execute these functions by manipulating the URL on a Business Server Page (BSP). An additional authorization check before execution is missing.
Available fix and Supported packages
- ERECRUIT | 300 | 300
- ERECRUIT | 600 | 600
- ERECRUIT | 603 | 603
- ERECRUIT | 604 | 604
- ERECRUIT 300 | SAPK-30019INERECRUIT |
- ERECRUIT 600 | SAPK-60013INERECRUIT |
- ERECRUIT 603 | SAPK-60302INERECRUIT |
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.