Описание
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Ссылки
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:enterprise_financial_services:6.05:*:*:*:*:*:*:*
cpe:2.3:a:sap:enterprise_financial_services:6.06:*:*:*:*:*:*:*
cpe:2.3:a:sap:enterprise_financial_services:6.16:*:*:*:*:*:*:*
cpe:2.3:a:sap:enterprise_financial_services:6.17:*:*:*:*:*:*:*
cpe:2.3:a:sap:enterprise_financial_services:6.18:*:*:*:*:*:*:*
cpe:2.3:a:sap:enterprise_financial_services:8.0:*:*:*:*:*:*:*
EPSS
Процентиль: 61%
0.00414
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-862
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVSS3: 4.3
fstec
больше 7 лет назад
Уязвимость функции EAFS_BCA_BUSOPR_SEPA программной платформы SAP Enterprise Financial Services, позволяющая нарушителю повысить свои привилегии
EPSS
Процентиль: 61%
0.00414
Низкий
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
CWE-862