Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This allows an attacker to read sensitive information causing high impact on the confidentiality of the application.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NSap S4core
APPSap102103Sap S4coreop
APPSap104105106107108
Powiązane podatności
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.1...
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated...
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...