Описание
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Ссылки
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Permissions Required
- Third Party AdvisoryVDB Entry
- Vendor Advisory
- Permissions Required
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:sapscore:1.11:*:*:*:*:*:*:*
cpe:2.3:a:sap:sapscore:1.12:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:sap:s4core:1.01:*:*:*:*:*:*:*
cpe:2.3:a:sap:s4core:1.02:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:a:sap:ea-finserv:6.04:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.05:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.06:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.16:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.17:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:6.18:*:*:*:*:*:*:*
cpe:2.3:a:sap:ea-finserv:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 40%
0.00182
Низкий
3.7 Low
CVSS3
4.6 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 4.6
github
больше 3 лет назад
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
EPSS
Процентиль: 40%
0.00182
Низкий
3.7 Low
CVSS3
4.6 Medium
CVSS3
5.5 Medium
CVSS2
Дефекты
CWE-862