SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application.