The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html | Broken Link |
http://scn.sap.com/docs/DOC-8218 | Broken Link |
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare | Broken Link |
https://service.sap.com/sap/support/notes/1691744 | Permissions Required |
http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html | Broken Link |
http://scn.sap.com/docs/DOC-8218 | Broken Link |
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare | Broken Link |
https://service.sap.com/sap/support/notes/1691744 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:52
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html - Broken Link | |
References | () http://scn.sap.com/docs/DOC-8218 - Broken Link | |
References | () http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare - Broken Link | |
References | () https://service.sap.com/sap/support/notes/1691744 - Permissions Required |
26 Sep 2023, 20:09
Type | Values Removed | Values Added |
---|---|---|
First Time |
Sap erp Central Component
|
|
CPE | cpe:2.3:a:sap:erp_central_component:-:*:*:*:*:*:*:* | |
References | (MISC) https://service.sap.com/sap/support/notes/1691744 - Permissions Required | |
References | (MISC) http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare - Broken Link | |
References | (CONFIRM) http://scn.sap.com/docs/DOC-8218 - Broken Link | |
References | (BUGTRAQ) http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html - Broken Link |
Information
Published : 2013-05-01 12:00
Updated : 2024-11-21 01:52
NVD link : CVE-2013-3061
Mitre link : CVE-2013-3061
CVE.ORG link : CVE-2013-3061
JSON object : View
Products Affected
sap
- healthcare_industry_solution
- erp_central_component
CWE
CWE-264
Permissions, Privileges, and Access Controls