CVE-2018-2419

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.6MEDIUM

EPSS

0.2%

top 60.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Enterprise Financial Services (ea-finserv)SAP SE SAP Enterprise Financial Services (s4core)SAP SE SAP Enterprise Financial Services (sapscore)+3 more

Timeline

PublishedMay 9

Latest updateMay 13

Description

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:NExploitability: 1.2 | Impact: 2.5

Affected Packages6 packages

▶CVEListV5sap_se/sap_enterprise_financial_services_(s4core)1.01, 1.02+1

▶CVEListV5sap_se/sap_enterprise_financial_services_(sapscore)1.11, 1.12+1

▶CVEListV5sap_se/sap_enterprise_financial_services_(ea-finserv)7 versions+6

▶NVDsap/s4core1.01, 1.02+1

▶NVDsap/sapscore1.11, 1.12+1

🔴Vulnerability Details

GHSA

GHSA-mcjv-f7wr-jc6j: SAP Enterprise Financial Services (SAPSCORE 1↗2022-05-13

▶

CVEList

CVE-2018-2419: SAP Enterprise Financial Services (SAPSCORE 1↗2018-05-09

▶