PT-2013-24: Concealing User Authority in SAP NetWeaver

Vulnerable software
SAP NetWeaver
Version: 7.20
SAP_BASIS
Version: 7.31 and earlier
Link: http://sap.com/

Severity level
Severity level: Medium
Impact: Concealing User Authority
Access Vector: Remote
CVSS v2:
Base Score: 4.6
Vector: (AV:N/AC:H/AU:S/C:P/I:P/A:P)
CVE: not assigned

Software description
SAP NetWeaver is a software solution by SAP that serves as the basis for all SAP Business Suite applications.

Vulnerability description
The specialists of the Positive Research center have detected a "Concealing User Authority" vulnerability in SAP NetWeaver.
No matter how much authority the user '............' has, it is not reflected in report RSUSR002.

How to fix
Update your software to the latest version.

Advisory status
20.03.2013 - Vendor gets vulnerability details
10.06.2013 - Vendor releases fixed version and details
13.09.2013 - Public disclosure

Credits
The vulnerability was detected by Dmitry Gutsko, Positive Research Center (Positive Technologies Company)

References
http://en.securitylab.ru/lab/PT-2013-24
https://service.sap.com/sap/support/notes/1844202

Reports on the vulnerabilities previously discovered by Positive Research:
http://www.ptsecurity.com/research/advisory/
http://en.securitylab.ru/lab/