Description
The Monitor Data (F2436) and My Data Collections (F3991) apps do not perform the necessary authorization checks for an authenticated user, resulting in an escalation of privileges.
Some well-known impacts of missing authorization checks are:
- abuse functionality restricted to a particular user group
- read, modify, or delete restricted data
Available fix and Supported packages
- S4CORE | 102 | 102
- S4CORE | 103 | 103
- S4CORE | 104 | 104
- S4CORE | 105 | 105
- | SAPK-123BHINSAPSCORE |
- S4CORE 105 | SAPK-10501INS4CORE |
- S4CORE 102 | SAPK-10208INS4CORE |
- S4CORE 103 | SAPK-10306INS4CORE |
- S4CORE 104 | SAPK-10404INS4CORE |
Affected component
- EHS-SUS-EM
Environment Management
CVSS
Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/2990992
