Description
This SAP Note addresses the scenario in which the reports for Brazil do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Missing authorization checks may result in:
- Abuse of a functionality restricted to a particular user group
- Read restricted data
Available fix and Supported packages
- S4CORE | 103 | 103
- S4CORE | 104 | 104
- | SAPK-S4CLOUD_2005 |
- S4CORE 103 | SAPK-10304INS4CORE |
- S4CORE 104 | SAPK-10402INS4CORE |
Affected component
- FI-LOC-FI-BR
Advanced Compliance Reporting for Brazil
CVSS
Score: 3.8
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/2874738