Insufficient Authorization Checks in SAP S/4HANA Business Partner Extension for Spain/Slovakia

Insufficient Authorization Checks in SAP S/4HANA Business Partner Extension for Spain/Slovakia

CVE-2022-31597 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application business partner extension for Spain/Slovakia does not perform necessary authorization checks for a low privileged authenticated user over the network, resulting in escalation of privileges leading to low impact on confidentiality and integrity of the data.

Learn more about our Network Penetration Testing.