CVE-2019-0383

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Link	Resource
https://launchpad.support.sap.com/#/notes/2819170	Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390	Vendor Advisory

Configuration 1

cpe:2.3:a:sap:enterprise_extension_financial_services:6.03:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:6.04:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:6.05:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:6.06:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:6.16:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:6.17:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:6.18:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:8.0:*:*:*:*:*:*:* cpe:2.3:a:sap:enterprise_extension_financial_services:6.0:*:*:*:*:*:*:* cpe:2.3:a:sap:treasury_and_risk_management_(s4core):1.02:*:*:*:*:*:*:* cpe:2.3:a:sap:treasury_and_risk_management_(s4core):1.03:*:*:*:*:*:*:* cpe:2.3:a:sap:treasury_and_risk_management_(s4core):1.04:*:*:*:*:*:*:* cpe:2.3:a:sap:treasury_and_risk_management_(s4core):1.01:*:*:*:*:*:*:*

---

Published : 2019-12-17 08:15

Updated : 2019-12-20 04:13

---

NVD link : CVE-2019-0383

Mitre link : CVE-2019-0383

No products.

CWE-863