Published in: sap note

Missing cross tenant authorization check in LOD-ESO-AS, SAP security note 1629242

Author RedRays Team

Published on: June 12, 2012

Description

An authenticated user can use functions of LOD-ESO-AS belonging to another tenant and thus access should be restricted to. This may result in an escalation of privileges.

Available fix and Supported packages

ESOUSRMJAVASERVER | 5.0 | 5.0
ESOUSRMJAVASERVER | 5.1 | 5.1
E-SOURCING SRM JAVA SERVER 5.0 | SP000 | 000010
SOURCING SRM JAVA SERVER 5.1 | SP010 | 000000

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/1629242

Missing cross tenant authorization check in LOD-ESO-AS, SAP security note 1629242

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Cross-tenant
#authorization-check
#LOD-ESO-AS

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Cross-tenant#authorization-check#LOD-ESO-AS

You may also like

#Cross-tenant
#authorization-check
#LOD-ESO-AS