CVE-2018-2419
LOW
SAP Enterprise Financial Services - Missing Authorization
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
References (3)
Core References
Vendor Advisory x_refsource_confirm
https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/104116
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2596627
Scores
CVSS v3
3.7
EPSS
0.0018
EPSS Percentile
39.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
Details
CWE
CWE-862
Status
published
Products (11)
sap/ea-finserv
6.04
sap/ea-finserv
6.05
sap/ea-finserv
6.06
sap/ea-finserv
6.16
sap/ea-finserv
6.17
sap/ea-finserv
6.18
sap/ea-finserv
8.0
sap/s4core
1.01
sap/s4core
1.02
sap/sapscore
1.11
... and 1 more
Published
May 09, 2018
Tracked Since
Feb 18, 2026