Skip links
RedRays - Your SAP Security Solution
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

SAP Security on Udemy

Switchable authorization checks for RFC module in In-House-Cash., SAP security note 2743329

Description

UPDATE 9th February 2021 : This note has been re-released with the updated ‘validity’ information. We added the validity for the releases –

S4CORE 102 102

S4CORE 103 103

S4CORE 104 104

This note describes switchable authorization checks for RFC module IHC_PN_ST_INFO_GET in In House Cash Application.

Available fix and Supported packages

  • S4CORE | 102 | 102
  • S4CORE | 103 | 103
  • S4CORE | 104 | 104
  • | SAPK-S4CLOUD_1905 |
  • S4CORE 102 | SAPK-10204INS4CORE |
  • S4CORE 103 | SAPK-10302INS4CORE |

Affected component

    FIN-FSCM-IHC
    FSCM In-House Cash

CVSS

Score: 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2743329

TAGS

#Access-controls
#authorization
#RFC
#SACF
#IHC_PN_ST_INFO_GET.

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series. 

JOIN