CVE-2018-2484

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Published: Jan 8, 2019
Updated: Apr 13, 2023
CVE: CVE-2018-2484
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
sap / sapscore	1.14	1.14.x
sap / sapscore	1.15	1.15.x
sap / sapscore	1.13	1.13.x
sap / s4core	1.02	1.02.x
sap / s4core	1.01	1.01.x
sap / s4core	1.03	1.03.x
sap / ea-finserv	6.04	6.04.x
sap / ea-finserv	6.05	6.05.x
sap / ea-finserv	6.06	6.06.x
sap / ea-finserv	6.16	6.16.x
sap / ea-finserv	6.17	6.17.x
sap / ea-finserv	6.18	6.18.x
sap / ea-finserv	8.0	8.0.x
sap / ea-finserv	1.10	1.10.x
sap / ea-finserv	2.0	2.0.x
sap / ea-finserv	5.0	5.0.x
sap / ea-finserv	6.0	6.0.x
sap / ea-finserv	6.03	6.03.x
sap / bank/cfm	4.63_20	4.63_20.x

Vulnerability Database

290,206

CVE-2018-2484