HIGH🇬🇧 English

CVE-2018-2484

CVSS 8.8v3.1pub. 2019-01-08upd. 2024-11-21

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Sap Bank\/cfm

    APP
    Sap
    4.63_20
  • Sap Ea Finserv

    APP
    Sap
    1.102.05.06.06.036.046.056.066.166.176.188.0
  • Sap S4core

    APP
    Sap
    1.011.021.03
  • Sap Sapscore

    APP
    Sap
    1.131.141.15
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2021-33701CRITICAL9.1ten sam produkt

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...

CVE-2024-39592HIGH7.7ten sam produkt

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escal...

CVE-2026-23688MEDIUM4.3ten sam produkt

SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated...

CVE-2026-0505MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...

CVE-2026-24323MEDIUM6.1ten sam produkt

The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...