PT-2017-14523 · Sap · Sap Business Intelligence Promotion Management Application

Published

2017-12-12

Updated

2017-12-22

CVE-2017-16684

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Business Intelligence Promotion Management Application versions 4.10 through 4.30

Description The issue concerns the lack of authentication checks for certain functionalities that require user identity.

Recommendations For versions 4.10 through 4.30, consider implementing additional authentication checks for functionalities that require user identity as a temporary workaround until a patch is available.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2017-16684

Affected Products

Sap Business Intelligence Promotion Management Application

PT-2017-14523 · Sap · Sap Business Intelligence Promotion Management Application

CVE-2017-16684

Weakness Enumeration

Related Identifiers

Affected Products

References · 5