Description
The BSP Applications for Job Pricing and Budgeting, HRECM_BDG_START and HRECM_JPR_START, have defined target BSP Applications which are passed by an page attribute in a URL.
BSP Applications others than the defined ones could be started by users with authorizations by manipulating the page attributes value.
Available fix and Supported packages
- EA-HRGXX | 200 | 200
- EA-HRGXX | 500 | 500
- EA-HRGXX | 600 | 600
- EA-HRGXX | 602 | 602
- EA-HRGXX | 603 | 603
- EA-HRGXX | 604 | 604
- EA-HRGXX | 605 | 605
- EA-HRGXX 605 | SAPK-60501INEAHRGXX |
- EA-HRGXX 600 | SAPK-60056INEAHRGXX |
- EA-HRGXX 602 | SAPK-60235INEAHRGXX |
- EA-HRGXX 604 | SAPK-60422INEAHRGXX |
- EA-HRGXX 500 | SAPK-50073INEAHRGXX |
- EA-HRGXX 603 | SAPK-60330INEAHRGXX |
- EA-HRGXX 200 | SAPK-20088INEAHRGXX |
Affected component
- PA-EC
Enterprise Compensation Management
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected]
URL
https://launchpad.support.sap.com/#/notes/1452492
