Description
This note is relevant only if you use the application component FS-CD (software component INSURANCE). If you do not use these components, you are not affected by the problem and you do not have to implement this note.
It is possible to call certain functions of coinsurance reporting without the user that is logged on having the required prerequisite authorization. This may result in an escalation of privileges.
Available fix and Supported packages
- INSURANCE | 464 | 464
- INSURANCE | 471 | 471
- INSURANCE | 472 | 472
- INSURANCE | 600 | 600
- INSURANCE | 602 | 602
- INSURANCE | 603 | 603
- INSURANCE | 604 | 604
- INSURANCE | 605 | 605
- INSURANCE 472 | SAPKIPIN19 |
- INSURANCE 600 | SAPK-60018ININSURANC |
- INSURANCE 602 | SAPK-60208ININSURANC |
- INSURANCE 603 | SAPK-60307ININSURANC |
- INSURANCE 604 | SAPK-60407ININSURANC |
- INSURANCE 605 | SAPK-60502ININSURANC |
- INSURANCE 464 | SAPKIPIL33 |
- INSURANCE 471 | SAPKIPIM26 |
Affected component
- FS-CD
Collections and Disbursements
CVSS
Score: 0
Exploit
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1473520
