Description
An authenticated user can receive delegated tasks of SAP NetWeaver BPM Task Management to which access should be restricted. This may result in an escalation of privileges.
Available fix and Supported packages
- BPEM-WDUI | 7.11 | 7.11
- BPEM-WDUI | 7.20 | 7.20
- BPEM-WDUI | 7.30 | 7.30
- BPEM-WDUI | 7.31 | 7.31
- BPEM-HIM | 7.30 | 7.30
- BPEM-HIM | 7.31 | 7.31
- BPEM-MON | 7.20 | 7.20
- BPEM-MON | 7.30 | 7.30
- BPEM-MON | 7.31 | 7.31
- BPEM HUMAN INTERFACE MGMT 7.30 | SP007 | 000000
- BPEM HUMAN INTERFACE MGMT 7.31 | SP002 | 000000
- BPEM NWA PLUG INS 7.20 | SP007 | 000001
- BPEM NWA PLUG INS 7.20 | SP008 | 000000
- BPEM NWA PLUG INS 7.30 | SP007 | 000003
- BPEM NWA PLUG INS 7.30 | SP008 | 000000
- BPEM NWA PLUG INS 7.31 | SP002 | 000002
- BPEM NWA PLUG INS 7.31 | SP003 | 000000
- BPEM WEBDYNPRO UIS 7.11 | SP006 | 000002
- BPEM WEBDYNPRO UIS 7.11 | SP007 | 000001
- BPEM WEBDYNPRO UIS 7.11 | SP008 | 000001
- BPEM WEBDYNPRO UIS 7.11 | SP009 | 000001
- BPEM WEBDYNPRO UIS 7.11 | SP010 | 000000
- BPEM WEBDYNPRO UIS 7.20 | SP007 | 000001
- BPEM WEBDYNPRO UIS 7.20 | SP008 | 000000
- BPEM WEBDYNPRO UIS 7.30 | SP007 | 000004
- BPEM WEBDYNPRO UIS 7.30 | SP008 | 000000
- BPEM WEBDYNPRO UIS 7.31 | SP002 | 000002
- BPEM WEBDYNPRO UIS 7.31 | SP003 | 000001
Affected component
- BC-BMT-BPM-DSK
Process Desk
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1644896
