V1200750

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

sap

CWE-862

NVD

Published: 2021-12-14

Updated: 2022-01-03

Summary

SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user, which could lead to escalation of privileges.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Access Control V1100_700 SAP Access Control V1100_731 SAP Access Control V1200_750	3

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://launchpad.support.sap.com/#/notes/3080816
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021