Missing Authorization Check in demand planning (SCM-APO-FCS), SAP security note 1514760
Description
An authenticated user can use functionality of promotion planning to which access should be restricted. This can potentially result in an Escalation of Privileges.
The following reports are impacted :
- /SAPAPO/PROMBASE_REPORT_SET
- /SAPAPO/PROMOTION_MASS_MENU
Available fix and Supported packages
- SCM | 400 | 400
- SCM | 410 | 410
- SCM | 500 | 500
- SCM | 510 | 510
- SCM 400 | SAPKY40022 |
- SCM 410 | SAPKY41021 |
- SCM 500 | SAPKY50019 |
- SCM 510 | SAPKY51015 |
Affected component
- SCM-APO-FCS
Demand Planning
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/1514760