CVE-2018-2455

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
sapenterprise_financial_services
6.05
sapenterprise_financial_services
6.06
sapenterprise_financial_services
6.16
sapenterprise_financial_services
6.17
sapenterprise_financial_services
6.18
sapenterprise_financial_services
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105320
https://launchpad.support.sap.com/#/notes/2646067
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
http://www.securityfocus.com/bid/105320
https://launchpad.support.sap.com/#/notes/2646067
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993