SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This has low impact on integrity, confidentiality and availability are not impacted.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NSap S4core
APPSap102103104105106107
Related vulnerabilities
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escal...
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.1...
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...