2 results (0.020 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application • https://me.sap.com/notes/3474590 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •

CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0

SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application. • https://me.sap.com/notes/3474590 https://url.sap/sapsecuritypatchday • CWE-862: Missing Authorization •