Missing Authorization check in Travel Management, SAP security note 2847817

Description

Travel Management Fiori Applications (MTR V2 and MTE V2) do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Some well-known impacts of Missing Authorization check are –

abuse functionality restricted to a particular user group
read, modify or delete restricted data

Available fix and Supported packages

EA-HRGXX | 608 | 608
EA-HRGXX 608 | SAPK-60873INEAHRGXX |

Affected component

CVSS

Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2847817

Vahagn Vardanian

Missing Authorization check in Travel Management, SAP security note 2847817

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Access-control
#Authorization-error
#Authorization-profile

Explore More

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

Vahagn Vardanian

Missing Authorization check in Travel Management, SAP security note 2847817

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Access-control#Authorization-error#Authorization-profile

Explore More

Redis CVE-2023-36824 – How to Reproduce the Vulnerability

Redis CVE-2024-31449: How to Reproduce and Mitigate the Vulnerability

Reproducing CVE-2024-10979: A Step-by-Step Guide

SAP Security Patch Day – November 2024

Special offer for SAP Security Udemy course!

$ 9.99

#Access-control
#Authorization-error
#Authorization-profile