Skip links

Security Note Missing Authority Check for Call Transaction, SAP security note 1425215

Description

Possible security issues have been found, from type “Missing Authority Check for Call Transaction”.
This ABAP Statement does not check for the authorization to start the transaction. So an unauthorized user is also allowed to use the transaction.

Available fix and Supported packages

  • SCM | 700 | 700
  • SCM 700 | SAPKY70006 |

Affected component

    AP-PPE-SCM
    Product and Process Engineering

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1425215

TAGS

#AUTHORITY-CHECK
#/SAPAPO/PPE
#IF_EX_IPPE_CLASS~CLASS_CALL
#IF_EX_IPPE_CLASS~HIERARCHY_CALL
#IF_EX_IPPE_ECN~CALL

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies