Description
TSW Supply Chain Visualization does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Some well-known impacts of a missing authorization check are:
- abuse functionality restricted to a particular user group
- read, modify or delete restricted data
Available fix and Supported packages
- IS-OIL | 802 | 802
- IS-OIL | 803 | 803
- IS-OIL 802 | SAPK-80204INISOIL |
- IS-OIL 803 | SAPK-80302INISOIL |
Affected component
- IS-OIL-DS-TSW (Traders and Schedulers Workbench)
CVSS
Score: 6.3
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2756551