CVE-2017-14511

Name of the Vulnerable Software and Affected Versions SAP E-Recruiting versions 605 through 617

Description An issue in the registration process of SAP E-Recruiting allows attackers to bypass email confirmation and register email addresses they do not have access to. This is due to the predictability of candidate hrobject and improper validation of corr act guid. As a result, an attacker could prevent legitimate users from registering with an already registered email address.

Recommendations For SAP E-Recruiting versions 605 through 617, apply the fix provided in SAP Security Note 2507798 to address the issue with email confirmation bypass and improper validation of corr act guid.