Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
Vulnerability Description
The Manage Bank Statements in SAP S/4HANA does not perform required access control checks for an authenticated user to confirm whether a request to interact with a resource is legitimate, allowing the attacker to delete the attachment of a posted bank statement. This leads to a low impact on integrity, with no impact on the confidentiality of the data or the availability of the application.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
SAP S4 HANA 安全漏洞
Vulnerability Description
SAP S4 HANA是德国思爱普(SAP)公司的一个用于提高数据库效率的软件。 SAP S4 HANA存在安全漏洞,该漏洞源于未执行必要的访问控制检查,可能导致删除已发布银行对账单的附件。
CVSS Information
N/A
Vulnerability Type
N/A