Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Missing Authorization check in SAP Direct Store Delivery, SAP security note 2580258

Description

SAP Direct Store Delivery does not perform necessary authorization checks. This might allow a user to access data that he/she might not be authorized to access.

Available fix and Supported packages

  • MOBDSDEI | 606 | 606
  • MOBDSDEI | 800 | 800
  • MOBDSDEI | 618 | 618
  • MOBDSDEI 606 | SAPK-60604INMOBDSDEI |
  • MOBDSDEI 800 | SAPK-80001INMOBDSDEI |
  • MOBDSDEI 618 | SAPK-61801INMOBDSDEI |

Affected component

    MOB-APP-ERP-DSD
    SAP Direct Store Delivery

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2580258

TAGS

#Access-control
#Authorization-error
#Authorization-profile

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,