Skip links

Missing Authorization check in SAP Direct Store Delivery, SAP security note 2580258

Description

SAP Direct Store Delivery does not perform necessary authorization checks. This might allow a user to access data that he/she might not be authorized to access.

Available fix and Supported packages

  • MOBDSDEI | 606 | 606
  • MOBDSDEI | 800 | 800
  • MOBDSDEI | 618 | 618
  • MOBDSDEI 606 | SAPK-60604INMOBDSDEI |
  • MOBDSDEI 800 | SAPK-80001INMOBDSDEI |
  • MOBDSDEI 618 | SAPK-61801INMOBDSDEI |

Affected component

    MOB-APP-ERP-DSD
    SAP Direct Store Delivery

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2580258

TAGS

#Access-control
#Authorization-error
#Authorization-profile