You can use authorization objects to display or hide functions in applications. However, you can still execute these functions by manipulating the URL on a Business Server Page (BSP). An additional authorization check before execution is missing.
Other terms
Forceful browsing
Reason and Prerequisites
This problem is caused by a design error.
Solution
Import the Support Package specified in the attachment or implement the correction instructions.
Affected Releases
|
Visit https://service.sap.com/sap/support/notes/1142067 for Correction delivered in Support Package and Corrections Instructions
No comments:
Post a Comment