Vulnerability Details CVE-2018-2419
SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.6%
CVSS Severity
CVSS v3 Score 3.7
CVSS v2 Score 5.5
References
- http://www.securityfocus.com/bid/104116
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
- https://launchpad.support.sap.com/#/notes/2596627
- http://www.securityfocus.com/bid/104116
- https://blogs.sap.com/2018/05/08/sap-security-patch-day-may-2018/
- https://launchpad.support.sap.com/#/notes/2596627
Products affected by CVE-2018-2419
-
cpe:2.3:a:sap:ea-finserv:6.04
-
cpe:2.3:a:sap:ea-finserv:6.05
-
cpe:2.3:a:sap:ea-finserv:6.06
-
cpe:2.3:a:sap:ea-finserv:6.16
-
cpe:2.3:a:sap:ea-finserv:6.17
-
cpe:2.3:a:sap:ea-finserv:6.18
-
cpe:2.3:a:sap:ea-finserv:8.0
-
cpe:2.3:a:sap:s4core:1.01
-
cpe:2.3:a:sap:s4core:1.02
-
cpe:2.3:a:sap:sapscore:1.11
-
cpe:2.3:a:sap:sapscore:1.12