CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-2454

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.5%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2018-2454

Sap » Enterprise Financial Services » Version: 6.05

cpe:2.3:a:sap:enterprise_financial_services:6.05
Sap » Enterprise Financial Services » Version: 6.06

cpe:2.3:a:sap:enterprise_financial_services:6.06
Sap » Enterprise Financial Services » Version: 6.16

cpe:2.3:a:sap:enterprise_financial_services:6.16
Sap » Enterprise Financial Services » Version: 6.17

cpe:2.3:a:sap:enterprise_financial_services:6.17
Sap » Enterprise Financial Services » Version: 6.18

cpe:2.3:a:sap:enterprise_financial_services:6.18
Sap » Enterprise Financial Services » Version: 8.0

cpe:2.3:a:sap:enterprise_financial_services:8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-2454

Products

Pricing

Contact Us