CVE-2013-3061 | Vulnerability Database | Aqua Security

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

Affected Software

Name	Vendor	Start Version	End Version
Erp_central_component	Sap	- (including)	- (including)
Healthcare_industry_solution	Sap	- (including)	- (including)

References

http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html
http://scn.sap.com/docs/DOC-8218
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare
https://service.sap.com/sap/support/notes/1691744
http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html
http://scn.sap.com/docs/DOC-8218
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare
https://service.sap.com/sap/support/notes/1691744

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-3061
CWE	https://cwe.mitre.org/data/definitions/264.html