CVE-2018-2454

Summary

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
SAPSAP Enterprise Financial Services= 6.05affected
SAPSAP Enterprise Financial Services= 6.06affected
SAPSAP Enterprise Financial Services= 6.16affected
SAPSAP Enterprise Financial Services= 6.17affected
SAPSAP Enterprise Financial Services= 6.18affected
SAPSAP Enterprise Financial Services= 8.0affected

Weaknesses

  • Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References