Skip links

Missing Authorization check in PA-PA-US, SAP security note 2457014

Description

PA-PA-US does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

 Some well-known impacts of Missing Authorization check are –

  • abuse functionality restricted to a particular user group
  • read, modify or delete restricted data   

Available fix and Supported packages

  • EA-HRCUS | 200 | 200
  • EA-HRCUS | 500 | 500
  • EA-HRCUS | 600 | 600
  • EA-HRCUS | 602 | 602
  • EA-HRCUS | 603 | 603
  • EA-HRCUS | 604 | 604
  • EA-HRCUS | 605 | 605
  • EA-HRCUS | 606 | 606
  • EA-HRCUS | 607 | 607
  • EA-HRCUS | 608 | 608
  • EA-HRCUS 500 | SAPK-500C3INEAHRCUS |
  • EA-HRCUS 200 | SAPK-200E2INEAHRCUS |
  • EA-HRCUS 604 | SAPK-604B5INEAHRCUS |
  • EA-HRCUS 608 | SAPK-60843INEAHRCUS |
  • EA-HRCUS 605 | SAPK-60592INEAHRCUS |
  • EA-HRCUS 600 | SAPK-600E9INEAHRCUS |
  • EA-HRCUS 607 | SAPK-60766INEAHRCUS |
  • EA-HRCUS 606 | SAPK-60677INEAHRCUS |
  • EA-HRCUS 602 | SAPK-602C8INEAHRCUS |
  • EA-HRCUS 603 | SAPK-603C3INEAHRCUS |

Affected component

    PA-PA-US
    USA

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2457014

TAGS

#Access-control
#Authorization-error
#Authorization-profile