Skip links
RedRays - Your SAP Security Solution
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

Missing Authorization Check in S4 ACR Brazil Option, SAP security note 2874738

Description

This SAP Note addresses the scenario in which the reports for Brazil do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Missing authorization checks may result in:

  • Abuse of a functionality restricted to a particular user group
  • Read restricted data    

Available fix and Supported packages

  • S4CORE | 103 | 103
  • S4CORE | 104 | 104
  • | SAPK-S4CLOUD_2005 |
  • S4CORE 103 | SAPK-10304INS4CORE |
  • S4CORE 104 | SAPK-10402INS4CORE |

Affected component

    FI-LOC-FI-BR
    Advanced Compliance Reporting for Brazil

CVSS

Score: 3.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2874738

TAGS

#Access-control
#Authorization-error
#Authorization-profile
#Brazil
#TDF
#S/4HANA-ACR-Brazil-Option

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN