Description
An authenticated user can use functions of LOD-ESO-AS belonging to another tenant and thus access should be restricted to. This may result in an escalation of privileges.
Available fix and Supported packages
- ESOUSRMJAVASERVER | 5.0 | 5.0
- ESOUSRMJAVASERVER | 5.1 | 5.1
- E-SOURCING SRM JAVA SERVER 5.0 | SP000 | 000010
- SOURCING SRM JAVA SERVER 5.1 | SP010 | 000000
Affected component
- LOD-ESO-AS
Accounts & Security
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1629242