CVE-2019-0383

Опубликовано: 17 дек. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Ссылки

https://launchpad.support.sap.com/#/notes/2819170
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2819170
Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:enterprise_extension_financial_services:6.0:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:6.03:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:6.04:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:6.05:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:6.06:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:6.16:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:6.17:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:6.18:*:*:*:*:*:*:*

cpe:2.3:a:sap:enterprise_extension_financial_services:8.0:*:*:*:*:*:*:*

cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):1.01:*:*:*:*:*:*:*

cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):1.02:*:*:*:*:*:*:*

cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):1.03:*:*:*:*:*:*:*

cpe:2.3:a:sap:treasury_and_risk_management_\(s4core\):1.04:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00406

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-rm9x-mr65-mw92

github

больше 3 лет назад

BDU:2020-00124