CVE-2018-2484

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
sapCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
sapsapscore
1.13
sapsapscore
1.14
sapsapscore
1.15
saps4core
1.01
saps4core
1.02
saps4core
1.03
sapea-finserv
1.10
sapea-finserv
2.0
sapea-finserv
5.0
sapea-finserv
6.0
sapea-finserv
6.03
sapea-finserv
6.04
sapea-finserv
6.05
sapea-finserv
6.06
sapea-finserv
6.16
sapea-finserv
6.17
sapea-finserv
6.18
sapea-finserv
8.0
sapbank\/cfm
4.63_20:_20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/106477
https://launchpad.support.sap.com/#/notes/2662687
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985
http://www.securityfocus.com/bid/106477
https://launchpad.support.sap.com/#/notes/2662687
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985