The Monitor Data (F2436) and My Data Collections (F3991) apps do not perform the necessary authorization checks for an authenticated user, resulting in an escalation of privileges.
Some well-known impacts of missing authorization checks are:
- abuse functionality restricted to a particular user group
- read, modify, or delete restricted data
Available fix and Supported packages
- S4CORE | 102 | 102
- S4CORE | 103 | 103
- S4CORE | 104 | 104
- S4CORE | 105 | 105
- | SAPK-123BHINSAPSCORE |
- S4CORE 105 | SAPK-10501INS4CORE |
- S4CORE 102 | SAPK-10208INS4CORE |
- S4CORE 103 | SAPK-10306INS4CORE |
- S4CORE 104 | SAPK-10404INS4CORE |
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.