Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-0325

SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data.

Published

2019-07-10T20:15:11.903

Last Modified

2024-11-21T04:16:41.060

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 4.2 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

6.8

Impact Score

4.9

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	erp_hcm	3.0	Yes

References

http://www.securityfocus.com/bid/109075 Third Party Advisory, VDB Entry ([email protected])
https://launchpad.support.sap.com/#/notes/2798133 Permissions Required, Vendor Advisory ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/109075 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2798133 Permissions Required, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)