CVE-2019-0325 Information

Description

SAP ERP HCM (SAP_HRCES) version 3 does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions the user that once had authorization to payroll data of an employee which was later revoked may retain access to the same data.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

http://www.securityfocus.com/bid/109075 https://launchpad.support.sap.com//notes/2798133 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.2