While reading disbursement data using the Disbursement read webservice , authorization checks are not performed for an authenticated user, resulting in escalation of privileges.
Some well-known impacts of Missing Authorization check are –
- abuse functionality restricted to a particular user group
- read, modify or delete restricted data
Available fix and Supported packages
- FSAPPL | 400 | 400
- FSAPPL | 500 | 500
- CB4HANA | 100 | 100
- FSAPPL 500 | SAPK-50015INFSAPPL |
- FSAPPL 400 | SAPK-40030INFSAPPL |
- CB4HANA 100 | SAPK-10002INCB4HANA |
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.