Authorization Flaw in SAP Enterprise Financial Services
CVE-2018-2454
8.8HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 11 September 2018
What is CVE-2018-2454?
The SAP Enterprise Financial Services product versions 6.05, 6.06, 6.16, 6.17, 6.18, and 8.0 have been reported to lack proper authorization checks within the business function EAFS_BCA_BUSOPR_2. This vulnerability allows for authenticated users to escalate their privileges erroneously, potentially allowing unauthorized access to sensitive operations. Organizations using these affected versions are advised to apply relevant patches and review user permissions to mitigate this security risk.
Affected Version(s)
SAP Enterprise Financial Services = 6.05 = 6.05
SAP Enterprise Financial Services = 6.06 = 6.06
SAP Enterprise Financial Services = 6.16 = 6.16