Description
Changed on June 11, 2019: This SAP Note was republished with updated information relating to the cause and prerequisites.
S_RFC authorization checks are not sufficient to ensure a secure execution of the function modules mentioned in this SAP Note. This SAP Note describes the new, switchable authorization checks for RFC function modules in SAP ERP Contract Accounts Receivable and Payable.
Available fix and Supported packages
- SAPSCORE | 111 | 111
- S4CORE | 102 | 102
- FI-CA | 600 | 600
- FI-CA | 602 | 602
- FI-CA | 603 | 603
- FI-CA | 604 | 604
- FI-CA | 605 | 605
- FI-CA | 606 | 606
- FI-CA | 616 | 616
- FI-CA | 617 | 617
- FI-CA | 618 | 618
- FI-CA | 800 | 800
- FI-CA | 801 | 801
- | SAPK-S4CLOUD_1802 |
- S4CORE 102 | SAPK-10201INS4CORE |
- FI-CA 600 | SAPK-60030INFICA |
- FI-CA 800 | SAPK-80005INFICA |
- FI-CA 602 | SAPK-60220INFICA |
- FI-CA 801 | SAPK-80103INFICA |
- FI-CA 603 | SAPK-60319INFICA |
- FI-CA 604 | SAPK-60420INFICA |
- FI-CA 605 | SAPK-60517INFICA |
- FI-CA 606 | SAPK-60620INFICA |
- FI-CA 616 | SAPK-61612INFICA |
- FI-CA 617 | SAPK-61715INFICA |
- FI-CA 618 | SAPK-61809INFICA |
Affected component
- FI-CA
Contract Accounts Receivable and Payable
CVSS
Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2524203
