1 results (0.004 seconds)

CVSS: 4.3EPSS: 0%CPEs: 15EXPL: 0

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. There is no effect on confidentiality or availability. • https://me.sap.com/notes/3505293 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •