CVE-2019-0386

Summary

Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP ERP Sales (SAP_APPL)< 6.0affected
SAP SESAP ERP Sales (SAP_APPL)< 6.02affected
SAP SESAP ERP Sales (SAP_APPL)< 6.03affected
SAP SESAP ERP Sales (SAP_APPL)< 6.04affected
SAP SESAP ERP Sales (SAP_APPL)< 6.05affected
SAP SESAP ERP Sales (SAP_APPL)< 6.06affected
SAP SESAP ERP Sales (SAP_APPL)< 6.16affected
SAP SESAP ERP Sales (SAP_APPL)< 6.17affected
SAP SESAP ERP Sales (SAP_APPL)< 6.18affected
SAP SES4HANA Sales (S4CORE)< 1.0affected
SAP SES4HANA Sales (S4CORE)< 1.01affected
SAP SES4HANA Sales (S4CORE)< 1.02affected
SAP SES4HANA Sales (S4CORE)< 1.03affected
SAP SES4HANA Sales (S4CORE)< 1.04affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References