2261482 - Privilege Escalation through direct page reference | SAP Knowledge Base Article

SAP Knowledge Base Article - Preview

2261482 - Privilege Escalation through direct page reference

Symptom

  • A User with a given role/job type is able to access pages from Business Central to which they have not been granted Entitlements.
  • In this instance, a user with a custom job type who did not have access to the functionality under the System tab on the Top Navigation Bar was able to directly access pages for functions under the System tab.

Read more...

Environment

  • SAP Online Business Banking 8.3
  • SAP Online Retail Banking 8.3
  • Sybase Corporate Online Banking 8.2
  • SAP Online Retail Banking 8.0
  • Sybase Retail Online Banking 7.0
  • Sybase Corporate Online Banking 7.0

Product

SAP Online Business Banking 8.3 ; SAP Online Retail Banking 8.0 ; SAP Online Retail Banking 8.3 ; Sybase Corporate Banking 7.0 ; Sybase Corporate Online Banking 8.2 ; Sybase Retail Online Banking 7.0

Keywords

privilege, escalation, refer, page, URL, authorities, permissions , KBA , FS-OLB , SAP Online Banking , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.