CVE-2019-0276 — Incorrect Authorization in SE Banking Services From SAP 9.0

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 34.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE Banking Services From SAP 9.0 SAP SE SAP S 4hana Financial Products Subledger SAP Banking Services From SAP +1 more

Timeline

PublishedMar 12

Latest updateMay 13

Description

Banking services from SAP 9.0 (FSAPPL version 5) and SAP S/4HANA Financial Products Subledger (S4FPSL, version 1) performs an inadequate authorization check for an authenticated user, potentially resulting in escalation of privileges.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5sap_se/sap_s_4hana_financial_products_subledger< 1

▶NVDsap/s_4hana_financial_products_subledger1.0

▶CVEListV5sap_se/banking_services_from_sap_9.0< 5

▶NVDsap/banking_services_from_sap9.0

🔴Vulnerability Details

GHSA

GHSA-7245-97xv-qh8g: Banking services from SAP 9↗2022-05-13

▶

CVEList

CVE-2019-0276: Banking services from SAP 9↗2019-03-12

▶