CVE-2024-27900 Information

Description

Due to missing authorization check attacker with business user account in SAP ABAP Platform - version 758 795 can change the privacy setting of job templates from shared to private. As a result the selected template would only be accessible to the owner.

Reference

https://me.sap.com/notes/3419022 https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364