Skip links
RedRays - Your SAP Security Solution
RedRays SAP Security Team

RedRays SAP Security Team

🔥🔥🔥 Join us for our upcoming training session at Black Hat MEA: "Securing SAP Systems: Expert Insights and Penetration Testing Techniques" 🛡️🔍

Security Note Missing Authority Check for Call Transaction, SAP security note 1425215

Description

Possible security issues have been found, from type “Missing Authority Check for Call Transaction”.
This ABAP Statement does not check for the authorization to start the transaction. So an unauthorized user is also allowed to use the transaction.

Available fix and Supported packages

  • SCM | 700 | 700
  • SCM 700 | SAPKY70006 |

Affected component

    AP-PPE-SCM
    Product and Process Engineering

CVSS

Score: 0

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/1425215

TAGS

#AUTHORITY-CHECK
#/SAPAPO/PPE
#IF_EX_IPPE_CLASS~CLASS_CALL
#IF_EX_IPPE_CLASS~HIERARCHY_CALL
#IF_EX_IPPE_ECN~CALL

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer