SAP Cloud Connector, before version 2.11.3, does not perform any authentication checks for functionalities that require user identity.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/106463 | Third Party Advisory VDB Entry |
https://launchpad.support.sap.com/#/notes/2696233 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2019-01-08 20:29
Updated : 2024-02-04 20:03
NVD link : CVE-2019-0246
Mitre link : CVE-2019-0246
CVE.ORG link : CVE-2019-0246
JSON object : View
Products Affected
sap
- cloud_connector
CWE
CWE-306
Missing Authentication for Critical Function