Security issue gATP, SAP security note 1514989

Description

Transportation and vehicle scheduling in the area of global availability check might use the ‘condition technique’ in order to evaluate durations.
An authenticated user can use functions of ‘transportation and shipment scheduling’ to which access should be restricted. This may result in an escalation of privileges

Available fix and Supported packages

SAP_APO | 30A | 30A
SAP_APO | 310 | 310
SCM | 400 | 400
SCM | 410 | 410
SCM | 500 | 500
SCM | 510 | 510
SAP_APO 30A | SAPKY30A32 |
SAP_APO 310 | SAPKY31027 |
SCM 400 | SAPKY40022 |
SCM 410 | SAPKY41021 |
SCM 500 | SAPKY50019 |
SCM 510 | SAPKY51015 |

Affected component

CVSS

Score: 0

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1514989

Vahagn Vardanian

Security issue gATP, SAP security note 1514989

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Authorization
#authorization-check
#

Explore More

CVE-2025-0063 SQL Injection Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

SAP Security Patch Day – January 2025 Overview

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

Vahagn Vardanian

Security issue gATP, SAP security note 1514989

Description

Available fix and Supported packages

Affected component

CVSS

PoC

URL

TAGS

#Authorization#authorization-check#

Explore More

CVE-2025-0063 SQL Injection Vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

SAP Security Patch Day – January 2025 Overview

How to Install the RedRays ABAP Security Plugin for Eclipse

How to Install and Configure the RedRays ABAP Code Scanner Plugin for VS Code

Special offer for SAP Security Udemy course!

$ 9.99

#Authorization
#authorization-check
#