CVE-2018-2455

CWE-862 — Missing Authorization3 documents3 sources

Severity

8.8HIGH

EPSS

0.4%

top 39.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SAP Enterprise Financial Services SAP Enterprise Financial Services

Timeline

PublishedSep 11

Latest updateMay 13

Description

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_SEPA) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsap/enterprise_financial_services6 versions+5

▶CVEListV5sap/sap_enterprise_financial_services6 versions+5

🔴Vulnerability Details

GHSA

GHSA-8576-fpqm-f7vg: SAP Enterprise Financial Services, versions 6↗2022-05-13

▶

CVEList

CVE-2018-2455: SAP Enterprise Financial Services, versions 6↗2018-09-11

▶