SAP Applications Missing Authorization Check Vulnerability in Overtime Requests Management
Vulnerability
A vulnerability exists in certain SAP applications due to a missing authorization check. This flaw allows logged-in attackers to view or delete 'My Overtime Requests', potentially accessing sensitive employee information. The issue arises from inadequate authorization controls, leading to a low impact on the application's confidentiality and integrity, with no effect on availability.
Impact
Exploitation of this vulnerability could result in unauthorized access to employee information through the 'My Overtime Requests' feature, allowing for viewing or deletion of these requests.
Remediation
Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, specifically in the 'SAP Security Notes' section. For details on the next SAP Security Patch Day, refer to the SAP Security Patch Day Bulletin Archive.
