Description
An attacker can access active sessions in LOD-ESO-AS without authentication and authorization. This access allows the attacker to use application functionality to which access should be restricted. Furthermore, discovered information could be used to allow the attacker to specialize their attack against LOD-ESO-AS
Available fix and Supported packages
- ESOUSRMJAVASERVER | 5.0 | 5.0
- ESOUSRMJAVASERVER | 5.1 | 5.1
- E-SOURCING SRM JAVA SERVER 5.0 | SP000 | 000010
- SOURCING SRM JAVA SERVER 5.1 | SP010 | 000000
Affected component
- LOD-ESO-AS
Accounts & Security
CVSS
Score: 0
Exploit
Exploit is not available.
For detailed information please contact the mail [email protected].
URL
https://launchpad.support.sap.com/#/notes/1626450