CVE-2013-3061 Information

Description

The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution and the SAP ERP central component (aka ECC 6) allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html http://scn.sap.com/docs/DOC-8218 http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare https://service.sap.com/sap/support/notes/1691744