Assigner | sap |
Reserved | 2024-04-17 |
Published | 2024-05-14 |
Updated | 2024-06-12 |
Description
SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the confidentiality, integrity and availability of the application.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |
Problem types
CWE-862: Missing Authorization
Product status
600
References
https://me.sap.com/notes/3447467