Overview
- Description
- SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform necessary authorization checks for an authenticated user, allowing the import of B2B table content that leads to Missing Authorization Check.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-862
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37762296-D9B4-45E1-89D8-A86EBA94ACC5"
},
{
"criteria": "cpe:2.3:a:sap:netweaver_process_integration:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B35864E3-F0ED-43EB-AD1C-DFF9D95E4E45"
}
],
"operator": "OR"
}
]
}
]