CVE-2018-2454

CWE-862 — Missing Authorization4 documents4 sources

Severity

8.8HIGH

EPSS

0.4%

top 39.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Enterprise Financial Services SAP Enterprise Financial Services

Timeline

PublishedSep 11

Latest updateMay 13

Description

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsap/enterprise_financial_services6 versions+5

▶CVEListV5sap/sap_enterprise_financial_services6 versions+5

🔴Vulnerability Details

GHSA

GHSA-prx4-mj98-96qx: SAP Enterprise Financial Services, versions 6↗2022-05-13

▶

CVEList

CVE-2018-2454: SAP Enterprise Financial Services, versions 6↗2018-09-11

▶

💬Community

Bugzilla

syslog-ng: Use-after free in affile_dw_reap resulting in a denial of service↗2019-01-07

▶