Description
Due to missing authorization check, a user who has access to Generic Market Data of SAP Banking Services can also access protected Business Partner Ids. These Business Partner Ids are confidential data and could be misused by a malicious actor.
Available fix and Supported packages
- FSAPPL | 400 | 400
- FSAPPL | 450 | 450
- FSAPPL | 500 | 500
- FSAPPL 450 | SAPK-45022INFSAPPL |
- FSAPPL 400 | SAPK-40031INFSAPPL |
- FSAPPL 500 | SAPK-50016INFSAPPL |
Affected component
- FS-BA-SD-PO
Primary Objects
CVSS
Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/3008422