PT-2017-13497 · Sap · Sap E-Recruiting

Published

2017-09-17

Updated

2017-09-28

CVE-2017-14511

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SAP E-Recruiting versions 605 through 617

Description An issue in the registration process of SAP E-Recruiting allows attackers to bypass email confirmation and register email addresses they do not have access to. This is due to the predictability of candidate hrobject and improper validation of corr act guid. As a result, an attacker could prevent legitimate users from registering with an already registered email address.

Recommendations For SAP E-Recruiting versions 605 through 617, apply the fix provided in SAP Security Note 2507798 to address the issue with email confirmation bypass and improper validation of corr act guid.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2017-14511

Affected Products

Sap E-Recruiting

PT-2017-13497 · Sap · Sap E-Recruiting

CVE-2017-14511

Weakness Enumeration

Related Identifiers

Affected Products

References · 5