Unintended Information Disclosure in SAP Portfolio and Project Management

Unintended Information Disclosure in SAP Portfolio and Project Management

CVE-2019-0399 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

SAP Portfolio and Project Management, before versions S4CORE 102, 103, EPPM 100 and CPRXRPM 500_702, 600_740, 610_740; unintentionally allows a user to discover accounting information of the Projects in Project dashboard, leading to Information Disclosure.

Learn more about our User Device Pen Test.