← Back

CVE-2019-0383

nvd nist
Published: Dec 17, 2019Modified: Nov 21, 2024

JSON object

Loading...
8.8
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 / Impact: 5.9
Source: NVD

Description

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected (13)

Sap
2 products
Enterprise Extension Financial Services
Treasury And Risk Management (s4core)
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Enterprise Extension Financial Services
Version 6.03
Enterprise Extension Financial Services
Version 6.04
Enterprise Extension Financial Services
Version 6.05
Enterprise Extension Financial Services
Version 6.06
Enterprise Extension Financial Services
Version 6.0
Enterprise Extension Financial Services
Version 6.16
Enterprise Extension Financial Services
Version 6.17
Enterprise Extension Financial Services
Version 6.18
Enterprise Extension Financial Services
Version 8.0
Sap
Treasury And Risk Management (s4core)
Version 1.01
Treasury And Risk Management (s4core)
Version 1.02
Treasury And Risk Management (s4core)
Version 1.03
Treasury And Risk Management (s4core)
Version 1.04

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.