CVE-2017-14511 Information

Description

An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through 617. When an external applicant registers to the E-Recruiting application he/she receives a link by email to confirm access to the provided email address. However this measure can be bypassed and attackers can register and confirm email addresses that they do not have access to (candidate_hrobject is predictable and corr_act_guid is improperly validated). Furthermore since an email address can be registered only once an attacker could prevent other legitimate users from registering. This is SAP Security Note 2507798.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://blogs.sap.com/2017/09/12/sap-security-patch-day-september-2017/ https://launchpad.support.sap.com//notes/2507798 https://www.sec-consult.com/en/blog/advisories/email-verification-bypass-in-sap-e-recruiting/index.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

HIGH

Base Severity

7.5