CVSS: 6.5EPSS: 0%CPEs: 16EXPL: 0CVE-2022-31589
https://notcve.org/view.php?id=CVE-2022-31589
14 Jun 2022 — Due to improper authorization check, business users who are using Israeli File from SHAAM program (/ATL/VQ23 transaction), are granted more than needed authorization to perform certain transaction, which may lead to users getting access to data that would otherwise be restricted. Debido a una comprobación inapropiada de la autorización, a los usuarios de la empresa usando el programa Israeli File from SHAAM (transacción /ATL/VQ23), les es concedida más autorización de la necesaria para llevar a cabo determi... • https://launchpad.support.sap.com/#/notes/3203065 • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2021-38164
https://notcve.org/view.php?id=CVE-2021-38164
14 Sep 2021 — SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users. These functions are normally exposed over the network and once exploited the attacker may be able to view and modify financial accounting data that only a specific user should have access to. SAP ERP Financi... • https://launchpad.support.sap.com/#/notes/3068582 • CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 14EXPL: 0CVE-2020-6316
https://notcve.org/view.php?id=CVE-2020-6316
10 Nov 2020 — SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check. SAP ERP y SAP S/4 HANA, permiten a un usuario autenticado visualizar los registros de costos de objetos para los que no cuenta con autorización en los reportes de PS, conllevando a una Falta de Comprobación de Autorización • https://launchpad.support.sap.com/#/notes/2944188 • CWE-862: Missing Authorization •