Authorization Flaw in SAP Enterprise Financial Services by SAP
CVE-2018-2484

8.8HIGH

Key Information:

Vendor
SAP
Status
SAP Enterprise Financial Services (SAPscore)
SAP Enterprise Financial Services (s4core)
SAP Enterprise Financial Services (ea-finserv)
SAP Enterprise Financial Services (bank/cfm)
Vendor
CVE Published:
8 January 2019

Summary

SAP Enterprise Financial Services has a vulnerability that allows authenticated users to bypass necessary authorization checks. This flaw can lead to unauthorized privilege escalation, potentially allowing an attacker to gain access to sensitive functionalities and data. It affects multiple versions of SAPSCORE, S4CORE, EA-FINSERV, and Bank/CFM products. Users and organizations utilizing these services must apply the relevant updates to mitigate this risk.

Affected Version(s)

SAP Enterprise Financial Services (Bank/CFM) < 4.63_20

SAP Enterprise Financial Services (EA-FINSERV) < 1.10 < 1.10

SAP Enterprise Financial Services (EA-FINSERV) < 2.0 < 2.0

References

https://launchpad.support.sap.com/#/notes/2662687
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
http://www.securityfocus.com/bid/106477
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.