During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the content shown, beyond their authorized scope. This leads to disclosure of sensitive information causing a high impact on confidentiality, while integrity and availability are unaffected.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NSap Human Capital Management
APPSaps4hcmrxx_100s4hcmrxx_101s4hcmrxx_102sap_hrrxx_600sap_hrrxx_604sap_hrrxx_608Sap S\/4hana
APPSapwszystkie wersje
Powiązane podatności
SAP CRM / S/4HANA Scripting Editor — nieautoryzowane wykonanie SQL
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does ...
Due to improper input sanitization, an authenticated user with certain specific privileges can remotely call N...
Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), a...