Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Missing Authorization check in SAP Yard Logistics, SAP security note 2317358


Function Modules /SAPYL/SET_YT_STATUS_ASYNC, /SAPYL/WS_DOOR_ARR_DEP, /SAPYL/WS_LOAD_UNLOAD_NOTIF, /SAPYL/WS_QUERY_EXTERNAL_TU do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

 Some well-known impacts of Missing Authorization check are –

  • abuse functionality restricted to a particular user group
  • read, modify or delete restricted data    

Available fix and Supported packages

  • SAPYL | 100 | 100
  • SAPYL 100 | SAPK-10002INSAPYL |

Affected component

    SAP Yard Logistics


Score: 0


Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.




More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,