Vulnerability Details CVE-2018-2484
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.7%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- http://www.securityfocus.com/bid/106477
- https://launchpad.support.sap.com/#/notes/2662687
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985
- http://www.securityfocus.com/bid/106477
- https://launchpad.support.sap.com/#/notes/2662687
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985
Products affected by CVE-2018-2484
-
cpe:2.3:a:sap:bank/cfm:4.63_20
-
cpe:2.3:a:sap:ea-finserv:1.10
-
cpe:2.3:a:sap:ea-finserv:2.0
-
cpe:2.3:a:sap:ea-finserv:5.0
-
cpe:2.3:a:sap:ea-finserv:6.0
-
cpe:2.3:a:sap:ea-finserv:6.03
-
cpe:2.3:a:sap:ea-finserv:6.04
-
cpe:2.3:a:sap:ea-finserv:6.05
-
cpe:2.3:a:sap:ea-finserv:6.06
-
cpe:2.3:a:sap:ea-finserv:6.16
-
cpe:2.3:a:sap:ea-finserv:6.17
-
cpe:2.3:a:sap:ea-finserv:6.18
-
cpe:2.3:a:sap:ea-finserv:8.0
-
cpe:2.3:a:sap:s4core:1.01
-
cpe:2.3:a:sap:s4core:1.02
-
cpe:2.3:a:sap:s4core:1.03
-
cpe:2.3:a:sap:sapscore:1.13
-
cpe:2.3:a:sap:sapscore:1.14
-
cpe:2.3:a:sap:sapscore:1.15