Skip links
RedRays - Your SAP Security Solution
RedRays SAP Security Team

RedRays SAP Security Team

🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Missing Authorization check in SAP Yard Logistics, SAP security note 2317358

Description

Function Modules /SAPYL/SET_YT_STATUS_ASYNC, /SAPYL/WS_DOOR_ARR_DEP, /SAPYL/WS_LOAD_UNLOAD_NOTIF, /SAPYL/WS_QUERY_EXTERNAL_TU do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

 Some well-known impacts of Missing Authorization check are –

  • abuse functionality restricted to a particular user group
  • read, modify or delete restricted data    

Available fix and Supported packages

  • SAPYL | 100 | 100
  • SAPYL 100 | SAPK-10002INSAPYL |

Affected component

    SCM-YL
    SAP Yard Logistics

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2317358

TAGS

#Access-control
#Authorization-error
#Authorization-profile
#RFC-Function-Modules
#SAP-Yard-Logistics

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer