Skip links

Switchable authorization checks for RFC module in In-House-Cash., SAP security note 2743329

Description

UPDATE 9th February 2021 : This note has been re-released with the updated ‘validity’ information. We added the validity for the releases –

S4CORE 102 102

S4CORE 103 103

S4CORE 104 104

This note describes switchable authorization checks for RFC module IHC_PN_ST_INFO_GET in In House Cash Application.

Available fix and Supported packages

  • S4CORE | 102 | 102
  • S4CORE | 103 | 103
  • S4CORE | 104 | 104
  • | SAPK-S4CLOUD_1905 |
  • S4CORE 102 | SAPK-10204INS4CORE |
  • S4CORE 103 | SAPK-10302INS4CORE |

Affected component

    FIN-FSCM-IHC
    FSCM In-House Cash

CVSS

Score: 6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Exploit

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2743329

TAGS

#Access-controls
#authorization
#RFC
#SACF
#IHC_PN_ST_INFO_GET.

How to detect over 4100 vulnerabilities in SAP Systems?

More to explorer

Initiating SAP Penetration Testing

►   Pentest, short for penetration testing, refers to a set of processes that simulate an attacker’s actions to identify security vulnerabilities. Companies

SAP Security Patch Day RedRays

May 2024 SAP Security Patch Day

Vulnerability: Multiple vulnerabilities in SAP CX Commerce SAP Component: CEC-SCC-PLA-PL CVE ID: CVE-2019-17495 CVSS Score: 9.8 CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Category: Program error