SAP Electronic Invoicing eDocument Cockpit Unauthorized Access Vulnerability

Vulnerability

A vulnerability in the eDocument Cockpit (Inbound NF-e) component of SAP Electronic Invoicing for Brazil allows an authenticated attacker with specific privileges to access transaction details without authorization. By invoking a particular ABAP method within the ABAP system, the attacker could retrieve information about inbound deliveries, potentially compromising transaction confidentiality. This issue does not affect the application's integrity or availability.

Impact

Exploitation of this vulnerability could lead to unauthorized access to transaction details, allowing an attacker to view sensitive inbound delivery information.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP for Me platform, where all security notes are available. For guidance on accessing and applying SAP Security Notes, refer to the SAP Security Notes FAQs.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.