UI2 missing authorization check when adding a Chip, SAP security note 1876993

Description

An authenticated user can use functions of the UI2 Pagebuilding service to which access should be restricted. This may result in an escalation of privileges.

Available fix and Supported packages

UI2_FND | 100 | 100
UI2_700 | 100 | 100
SAP_UI | 740 | 740
UI2_FND 100 | SAPK-10005INUI2FND |
UI2_700 100 | SAPK-10005INUI2700 |
SAP_UI 740 | SAPK-74004INSAPUI |

Affected component

CVSS

Score: 0

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected].

URL

https://launchpad.support.sap.com/#/notes/1876993

Arpine Maghakyan

UI2 missing authorization check when adding a Chip, SAP security note 1876993

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Authorization
#authorization-check
#Pagebuilding-Service

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

Arpine Maghakyan

UI2 missing authorization check when adding a Chip, SAP security note 1876993

Description

Available fix and Supported packages

Affected component

CVSS

Exploit

URL

TAGS

#Authorization#authorization-check#Pagebuilding-Service

More to explorer

Press release: RedRays discovered major cybersecurity leak affects 4800 domains

Urgent Security Notice: RedRays Discloses Major Data Breach Affecting SAP Customers

[CVE-2021-33690] Server Side Request Forgery vulnerability in SAP NetWeaver Development Infrastructure

Exploring P4 Protocol: Usage, Implementation, and CVE-2021-37535

#Authorization
#authorization-check
#Pagebuilding-Service