On the 14th of May 2019, SAP Security Patch Day saw the release of 11 Security Notes.
Notes by severity
|Correction with high priority||1|
|Correction with medium priority||10|
|Correction with low priority||0|
On May Patch Day SAP presents 1 high-severity Note.
We will cover the only high-severity Note for this month and it will be Note 2784307 – Privilege Escalation in SAP Identity Management REST Interface Version 2 – with a CVSS Score of 8.4. Via SAP Identity Management REST Interface Version 2, it is occasionally feasible to request changes to role or privilege assignments that would normally only be permitted for viewing. Some well-known impacts of this vulnerability are privilege escalation for connected systems to SAP Identity Management and loss of confidentiality and integrity of connected systems.