Description
This SAP Note addresses the scenario in which the reports for Brazil do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Missing authorization checks may result in:
- Abuse of a functionality restricted to a particular user group
- Read restricted data
Available fix and Supported packages
- S4CORE | 103 | 103
- S4CORE | 104 | 104
- | SAPK-S4CLOUD_2005 |
- S4CORE 103 | SAPK-10304INS4CORE |
- S4CORE 104 | SAPK-10402INS4CORE |
Affected component
- FI-LOC-FI-BR
Advanced Compliance Reporting for Brazil
CVSS
Score: 3.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2874738