CVE-2019-0386
N/A
N/A
Summary
Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.0 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.02 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.03 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.04 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.05 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.06 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.16 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.17 | affected |
| SAP SE | SAP ERP Sales (SAP_APPL) | < 6.18 | affected |
| SAP SE | S4HANA Sales (S4CORE) | < 1.0 | affected |
| SAP SE | S4HANA Sales (S4CORE) | < 1.01 | affected |
| SAP SE | S4HANA Sales (S4CORE) | < 1.02 | affected |
| SAP SE | S4HANA Sales (S4CORE) | < 1.03 | affected |
| SAP SE | S4HANA Sales (S4CORE) | < 1.04 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
- https://launchpad.support.sap.com/#/notes/2840520
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
- https://launchpad.support.sap.com/#/notes/2840520
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.