CVE-2024-27900
published 2024-03-12CVE-2024-27900: Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job…
medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | abap_platform | — | — |
| sap | abap_platform | — | — |
| sap_se | sap_abap_platform | — | — |
| sap_se | sap_abap_platform | — | — |