Published: 08/01/2019 Updated: 09/09/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap sapscore 1.14
sap sapscore 1.15
sap sapscore 1.13
sap s4core 1.01
sap s4core 1.02
sap s4core 1.03
sap ea-finserv 6.03
sap ea-finserv 6.06
sap ea-finserv 6.17
sap ea-finserv 1.10
sap ea-finserv 2.0
sap ea-finserv 6.18
sap ea-finserv 8.0
sap ea-finserv 6.04
sap ea-finserv 5.0
sap ea-finserv 6.0
sap ea-finserv 6.05
sap ea-finserv 6.16
sap bank\\/cfm 4.63_20

Make a SAP decision: Apply these security fixes if you're using German giant's software

The Register • Richard Chirgwin • 09 Jan 2019

11 patches ship on Patch Tuesday

While you were sighing your way through Microsoft's Patch Tuesday, enterprise vendor SAP slid 11 security advisories under your door. Top of the list is a depressingly familiar howler in SAP Cloud Connector pre-version 2.11.3: the software neglects authentication checks for functions that require user identity (CVE-2019-0246). A related bug in Cloud Connector (the same versions), CVE-2019-0247, can be exploited to achieve remote code injection. The German titan's systems management environment, ...

CVE-2018-2484

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect