8.8

CVE-2018-2484

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPSapscore Version1.13
SAPSapscore Version1.14
SAPSapscore Version1.15
SAPS4core Version1.01
SAPS4core Version1.02
SAPS4core Version1.03
SAPEa-finserv Version1.10
SAPEa-finserv Version2.0
SAPEa-finserv Version5.0
SAPEa-finserv Version6.0
SAPEa-finserv Version6.03
SAPEa-finserv Version6.04
SAPEa-finserv Version6.05
SAPEa-finserv Version6.06
SAPEa-finserv Version6.16
SAPEa-finserv Version6.17
SAPEa-finserv Version6.18
SAPEa-finserv Version8.0
SAPBank/cfm Version4.63_20
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.52% 0.644
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://www.securityfocus.com/bid/106477
Third Party Advisory
VDB Entry
https://launchpad.support.sap.com/#/notes/2662687
Vendor Advisory
Permissions Required