In some SAP standard roles, in SAP_ABA versions, 7.00 to 7.02, 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50, 75C to 75D, a transaction code reserved for customer is used. By implementing such transaction code a malicious user may execute unauthorized transaction functionality.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Advanced_business_application_programming | Sap | 7.00 (including) | 7.02 (including) |
Advanced_business_application_programming | Sap | 7.10 (including) | 7.11 (including) |
Advanced_business_application_programming | Sap | 7.30 (including) | 7.30 (including) |
Advanced_business_application_programming | Sap | 7.31 (including) | 7.31 (including) |
Advanced_business_application_programming | Sap | 7.40 (including) | 7.40 (including) |
Advanced_business_application_programming | Sap | 7.50 (including) | 7.50 (including) |
Advanced_business_application_programming | Sap | 75c (including) | 75c (including) |
Advanced_business_application_programming | Sap | 75d (including) | 75d (including) |