CVE-2018-2419

Summary

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Enterprise Financial Services (SAPSCORE)1.11affected
SAP SESAP Enterprise Financial Services (SAPSCORE)1.12affected
SAP SESAP Enterprise Financial Services (S4CORE)1.01affected
SAP SESAP Enterprise Financial Services (S4CORE)1.02affected
SAP SESAP Enterprise Financial Services (EA-FINSERV)6.04affected
SAP SESAP Enterprise Financial Services (EA-FINSERV)6.05affected
SAP SESAP Enterprise Financial Services (EA-FINSERV)6.06affected
SAP SESAP Enterprise Financial Services (EA-FINSERV)6.16affected
SAP SESAP Enterprise Financial Services (EA-FINSERV)6.17affected
SAP SESAP Enterprise Financial Services (EA-FINSERV)6.18affected
SAP SESAP Enterprise Financial Services (EA-FINSERV)8.0affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References