SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.
2019-12-11T22:15:11.757
2024-11-21T04:16:47.930
Modified
CVSSv3.1: 6.5 (MEDIUM)
AV:N/AC:L/Au:S/C:P/I:N/A:N
8.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | portfolio_and_project_management | cprxrpm_500_702 | Yes |
| Application | sap | portfolio_and_project_management | cprxrpm_600_740 | Yes |
| Application | sap | portfolio_and_project_management | cprxrpm_610_740 | Yes |
| Application | sap | portfolio_and_project_management | eppm_100 | Yes |
| Application | sap | portfolio_and_project_management | s4core_102 | Yes |
| Application | sap | portfolio_and_project_management | s4core_103 | Yes |