Vulnerability Details CVE-2018-2419
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 53.8%
CVSS Severity
CVSS v3 Score 3.7
CVSS v2 Score 5.5
References
- http://www.securityfocus.com/bid/104116
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
- https://launchpad.support.sap.com/#/notes/2596627
- http://www.securityfocus.com/bid/104116
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
- https://launchpad.support.sap.com/#/notes/2596627
Products affected by CVE-2018-2419
-
cpe:2.3:a:sap:ea-finserv:6.04
-
cpe:2.3:a:sap:ea-finserv:6.05
-
cpe:2.3:a:sap:ea-finserv:6.06
-
cpe:2.3:a:sap:ea-finserv:6.16
-
cpe:2.3:a:sap:ea-finserv:6.17
-
cpe:2.3:a:sap:ea-finserv:6.18
-
cpe:2.3:a:sap:ea-finserv:8.0
-
cpe:2.3:a:sap:s4core:1.01
-
cpe:2.3:a:sap:s4core:1.02
-
cpe:2.3:a:sap:sapscore:1.11
-
cpe:2.3:a:sap:sapscore:1.12