CVE-2019-0383 — Incorrect Authorization in SE SAP Treasury AND Risk Management

CWE-863 — Incorrect Authorization3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.4%

top 40.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Treasury AND Risk Management SAP Enterprise Extension Financial Services SAP Treasury AND Risk Management

Timeline

PublishedDec 17

Latest updateMay 24

Description

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶CVEListV5sap_se/sap_treasury_and_risk_management< 1.01+12

▶NVDsap/treasury_and_risk_management4 versions+3

▶NVDsap/enterprise_extension_financial_services9 versions+8

🔴Vulnerability Details

GHSA

GHSA-rm9x-mr65-mw92: Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1↗2022-05-24

▶

CVEList

CVE-2019-0383: Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1↗2019-12-17

▶