Missing Authorization Check in S4 ACR Brazil Option, SAP security note 2874738

Description

This SAP Note addresses the scenario in which the reports for Brazil do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Missing authorization checks may result in:

Abuse of a functionality restricted to a particular user group
Read restricted data

Available fix and Supported packages

S4CORE | 103 | 103
S4CORE | 104 | 104
| SAPK-S4CLOUD_2005 |
S4CORE 103 | SAPK-10304INS4CORE |
S4CORE 104 | SAPK-10402INS4CORE |

Affected component

CVSS

Score: 3.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2874738

Vahagn Vardanian

Missing Authorization Check in S4 ACR Brazil Option, SAP security note 2874738

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Access-control
#Authorization-error
#Authorization-profile
#Brazil
#TDF
#S/4HANA-ACR-Brazil-Option

Explore More

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

Vahagn Vardanian

Missing Authorization Check in S4 ACR Brazil Option, SAP security note 2874738

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Access-control#Authorization-error#Authorization-profile#Brazil#TDF#S/4HANA-ACR-Brazil-Option

Explore More

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

Special offer for SAP Security Udemy course!

$ 9.99

#Access-control
#Authorization-error
#Authorization-profile
#Brazil
#TDF
#S/4HANA-ACR-Brazil-Option