PT-2019-4585 · Sap · Sap Erp Hcm
Published: 2019-07-09 · Updated: 2020-08-24 · CVE-2019-0325
CVSS v2.0: 4.9 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
SAP ERP HCM (SAP HRCES) version 3
Description
The issue arises from insufficient authorization checks in a report that reads payroll data of employees in a certain area. This can lead to a situation where a user who once had authorization to payroll data, but later had it revoked, may still retain access to the same data. The vulnerability is caused by weaknesses in the authorization procedure, which can be exploited by a remote attacker to elevate their privileges.
Recommendations
For SAP ERP HCM (SAP HRCES) version 3, consider implementing additional authorization checks for the report that reads payroll data to prevent unauthorized access. As a temporary workaround, restrict access to the payroll data report until a proper fix is applied.
Fix
Improper Authorization
Missing Authorization
Related identifiers
Affected products
Sap Erp Hcm