CVE Vulnerability

CVE-2018-2419

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

5.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

Scope

4.6 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.1 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://launchpad.support.sap.com/#/notes/2596627 Permissions Required
https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/ Vendor Advisory
http://www.securityfocus.com/bid/104116 Third Party Advisory VDB Entry
Configurations

Configuration 1

cpe:2.3:a:sap:sapscore:1.12:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapscore:1.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:1.02:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:1.01:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.05:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.06:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.16:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.17:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.18:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:8.0:*:*:*:*:*:*:*
Information

Published : 2018-05-09 08:29

Updated : 2019-10-09 11:40

NVD link : CVE-2018-2419

Mitre link : CVE-2018-2419

Products Affected
No products.
CWE
CWE-862