Privilege Escalation in SAP Disclosure Management
CVE-2019-0258

8.8HIGH

Key Information:

Vendor
SAP
Status
SAP Disclosure Management
Vendor
CVE Published:
15 February 2019

Summary

The vulnerability in SAP Disclosure Management version 10.01 arises from insufficient authorization checks for authenticated users, potentially allowing an attacker to escalate their privileges and gain unauthorized access to sensitive data and functionalities within the application. This lack of proper validation could lead to severe implications, including data manipulation or exposure. Organizations using this version should prioritize remediation to safeguard against potential exploitation.

Affected Version(s)

SAP Disclosure Management < 10.01

References

https://launchpad.support.sap.com/#/notes/2724014
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
http://www.securityfocus.com/bid/106969
vdb-entryx_refsource_BID

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.