Description
An authenticated user can use functions of Payment Engine to which access should be restricted. This may result in an escalation of privileges.
Available fix and Supported packages
- PAY-ENGINE | 300 | 300
- PAY-ENGINE | 400 | 400
- PECROSS | 300 | 300
- PAY-ENGINE 300 | SAPK-30009INPE1 |
- PAY-ENGINE 400 | SAPK-40002INPE1 |
- PECROSS 300 | SAPK-30004INPECROSS |
Affected component
- FS-PE
Payment Engine
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2099484