Remote Bypass of Transaction Restrictions in SAP Healthcare Industry Solution

Remote Bypass of Transaction Restrictions in SAP Healthcare Industry Solution

CVE-2013-3061 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

Learn more about our User Device Pen Test.