SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HSap Bank\/cfm
APPSap4.63_20Sap Ea Finserv
APPSap1.102.05.06.06.036.046.056.066.166.176.188.0Sap S4core
APPSap1.011.021.03Sap Sapscore
APPSap1.131.141.15
Related vulnerabilities
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730...
Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escal...
SAP Fiori App Manage Service Entry Sheets does not perform necessary authorization checks for an authenticated...
The BSP applications allow an unauthenticated user to manipulate user-controlled URL parameters that are not s...
The BSP applications allow an unauthenticated user to inject malicious script content via user-controlled URL ...