Skip links
RedRays
Arpine Maghakyan

Arpine Maghakyan

Security Researcher of RedRays.

Missing authorization check in ERECRUIT, SAP security note 1738828

Description

An authenticated user can use functions of ERECRUIT to which access should be restricted. This may result in an escalation of privileges.

Available fix and Supported packages

  • ERECRUIT | 300 | 300
  • ERECRUIT | 600 | 600
  • ERECRUIT | 603 | 603
  • ERECRUIT | 604 | 604
  • ERECRUIT | 605 | 605
  • ERECRUIT | 606 | 606
  • ERECRUIT | 616 | 616
  • ERECRUIT 600 | SAPK-60022INERECRUIT |
  • ERECRUIT 603 | SAPK-60311INERECRUIT |
  • ERECRUIT 604 | SAPK-60412INERECRUIT |
  • ERECRUIT 605 | SAPK-60509INERECRUIT |
  • ERECRUIT 616 | 616 |
  • ERECRUIT 606 | SAPK-60605INERECRUIT |
  • ERECRUIT 300 | SAPK-30027INERECRUIT |

Affected component

    PA-ER
    E-Recruiting

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1738828

TAGS

#Authorization
#authorization-check
#ERECRUIT.

More to explorer