Skip links
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Missing Authorization check in SAP Yard Logistics, SAP security note 2317358

Description

Function Modules /SAPYL/SET_YT_STATUS_ASYNC, /SAPYL/WS_DOOR_ARR_DEP, /SAPYL/WS_LOAD_UNLOAD_NOTIF, /SAPYL/WS_QUERY_EXTERNAL_TU do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

 Some well-known impacts of Missing Authorization check are –

  • abuse functionality restricted to a particular user group
  • read, modify or delete restricted data    

Available fix and Supported packages

  • SAPYL | 100 | 100
  • SAPYL 100 | SAPK-10002INSAPYL |

Affected component

    SCM-YL
    SAP Yard Logistics

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2317358

TAGS

#Access-control
#Authorization-error
#Authorization-profile
#RFC-Function-Modules
#SAP-Yard-Logistics

More to explorer

SAP Cloud Connector Certificate Validation Issue

Date of Release: February 13, 2024 Advisory ID: CVE-2024-25642 Affected Software: SAP Cloud Connector Versions Affected: 2.15.0 to 2.16.1 Vulnerability Summary:A critical vulnerability,