Vulnerability Description
SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user that once had authorization to payroll data of an employee, which was later revoked, may retain access to the same data.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Erp Hcm | 3.0 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/109075Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2798133Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575Vendor Advisory
- http://www.securityfocus.com/bid/109075Third Party AdvisoryVDB Entry
- https://launchpad.support.sap.com/#/notes/2798133Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575Vendor Advisory
FAQ
What is CVE-2019-0325?
CVE-2019-0325 is a vulnerability with a CVSS score of 4.2 (MEDIUM). SAP ERP HCM (SAP_HRCES) , version 3, does not perform necessary authorization checks for a report that reads payroll data of employees in a certain area. Due to this under certain conditions, the user...
How severe is CVE-2019-0325?
CVE-2019-0325 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-0325?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Erp Hcm.