Under certain conditions SAP SRM-MDM (CATALOG versions 3.0, 7.01, 7.02) utilities functionality allows an attacker to access information of user existence which would otherwise be restricted.
[
{
"product": "SAP SRM-MDM CATALOG",
"vendor": "SAP",
"versions": [
{
"status": "affected",
"version": "3.0"
},
{
"status": "affected",
"version": "7.01"
},
{
"status": "affected",
"version": "7.02"
}
]
}
]