Description
The Manage Task Definition, Manage Change Request Task and Manage Maintenance Notification Task applications, do not carry out the necessary authorization checks for user authentication. This results in unauthorized access to actions in the system.
Some well-known impacts of the missing authorization check are the following:
- Malicious use of authorizations and functionality restricted to a particular user group.
- Read, modify, or delete restricted data
Available fix and Supported packages
- S4CORE | 103 | 103
- | SAPK-S4CLOUD_1905 |
- S4CORE 103 | SAPK-10302INS4CORE |
Affected component
- EHS-SUS-FND
Sustainability Foundation
CVSS
Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2738065