CVE-2013-3061
SAP ERP Central Component and Healthcare Industry Solution - Authenticated Transaction Restriction Bypass
Title source: llmDescription
The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors.
References (4)
Core 4
Core References
Permissions Required x_refsource_misc
https://service.sap.com/sap/support/notes/1691744
Broken Link x_refsource_misc
http://www.esnc.de/sap-security-audit-and-scan-services/security-advisories/36-privilege-escalation-in-sap-is-healthcare
Broken Link x_refsource_confirm
http://scn.sap.com/docs/DOC-8218
Broken Link mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0176.html
Scores
EPSS
0.0023
EPSS Percentile
45.4%
Details
CWE
CWE-264
Status
published
Products (2)
sap/erp_central_component
sap/healthcare_industry_solution
Published
May 01, 2013
Tracked Since
Feb 18, 2026