CVE-2018-2419 | SynScan

Vulnerability Database

290,206

Total vulnerabilities in the database

CVE-2018-2419

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Published: May 9, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-2419
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.6
AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CVSS v2:

Severity: Medium
Score: 5.5
AV:N/AC:L/Au:S/C:P/I:P/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
sap / sapscore	1.12	1.12.x
sap / sapscore	1.11	1.11.x
sap / s4core	1.02	1.02.x
sap / s4core	1.01	1.01.x
sap / ea-finserv	6.04	6.04.x
sap / ea-finserv	6.05	6.05.x
sap / ea-finserv	6.06	6.06.x
sap / ea-finserv	6.16	6.16.x
sap / ea-finserv	6.17	6.17.x
sap / ea-finserv	6.18	6.18.x
sap / ea-finserv	8.0	8.0.x