Description
This SAP Note has already been released as a normal SAP Note that is not a Security Note. No further activities are required if you have already implemented this SAP Note.
Users who do not have authorization to call certain transactions are able to do so since the required authorization checks are missing in the main program where the call is being made.
Available fix and Supported packages
- SCM | 410 | 410
- SCM | 500 | 500
- SCM | 510 | 510
- SCM | 700 | 700
- SCM 410 | SAPKY41020 |
- SCM 700 | SAPKY70006 |
- SCM 500 | SAPKY50018 |
- SCM 510 | SAPKY51014 |
Affected component
- SCM-APO-MSP
Maintenance and Service Planning
CVSS
Score: 0
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/1424979