Description
Certain functions of SCM-APO-INT can be called, even if the user that is logged on does not have the required authorization for this. This may result in an escalation of privileges.
Available fix and Supported packages
- SCM | 400 | 400
- SCM | 410 | 410
- SCM | 500 | 500
- SCM | 510 | 510
- SCM 400 | SAPKY40022 |
- SCM 410 | SAPKY41021 |
- SCM 500 | SAPKY50019 |
- SCM 510 | SAPKY51015 |
Affected component
- SCM-APO-INT
Interfaces
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1519666