CVE-2013-3061
https://notcve.org/view.php?id=CVE-2013-3061
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. La función ishmed-PATRED_TRANSACT_RFCCALL en el componente Industry-Specific Component Hospital IS-H en la solución SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), permite a los usuarios remotos autenticados evitar las restricciones de operación que se pretende a través de vectores no especificados. • http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html http://scn.sap.com/docs/DOC-8218 http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare https://service.sap.com/sap/support/notes/1691744 • CWE-264: Permissions, Privileges, and Access Controls •