Description
An authenticated user can use functionality of tools in balance processing to which access should be restricted. This can potentially result in an Escalation of Privileges.
Additionally, obsolete test reports without any adequat authorization concept will be deactivated.
Available fix and Supported packages
- FSAPPL | 200 | 200
- FSAPPL | 300 | 300
- BANK-ALYZE | 42 | 42
- BANK-ALYZE | 50 | 50
- FSAPPL 200 | SAPKISC312 |
- FSAPPL 300 | SAPK-30005INFSAPPL |
- BANK-ALYZE 42 | SAPKIBAM14 |
- BANK-ALYZE 50 | SAPKIBAL20 |
Affected component
- FS-BA-AN-FSP
Financial Statement Preparation
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1486405