SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NSap Erp
APPSap600602603604605606616617618Sap S\/4hana
APPSap100101102103104
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2026-0488CRITICAL9.9PL ✓ten sam produkt
SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL
CVE-2022-22530HIGH8.1ten sam produkt
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...
CVE-2022-22531HIGH8.1ten sam produkt
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...
CVE-2021-38176HIGH8.8ten sam produkt
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call N...
CVE-2020-6188HIGH8.8ten sam produkt
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617,...