Description
Missing authorization check in the roles SAP_SCM_INTEGRATION and /SAPAPO/DP_SUPERUSER
An authenticated user can use functionality to which access should be restricted. This can potentially result in an Escalation of Privileges.
Available fix and Supported packages
- SCM | 500 | 500
- SCM | 510 | 510
- SCM | 700 | 700
- SCM | 701 | 701
- SCM 500 | SAPKY50019 |
- SCM 510 | SAPKY51015 |
- SCM 700 | SAPKY70009 |
- SCM 701 | SAPKY70103 |
Affected component
- SCM-APO-INT
Interfaces
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1486833