PT-2018-15546 · Sap · Sap Enterprise Financial Services
Published 2018-05-09 · Updated 2019-10-09 · CVE-2018-2419
CVSS v2.0: 5.5 (Medium)
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
SAP Enterprise Financial Services versions 1.11 through 1.12
SAP Enterprise Financial Services versions 1.01 through 1.02
SAP Enterprise Financial Services versions 6.04 through 6.06
SAP Enterprise Financial Services versions 6.16 through 6.18
SAP Enterprise Financial Services version 8.0
Description
The issue results in escalation of privileges due to insufficient authorization checks for authenticated users.
Recommendations
For versions 1.11 and 1.12, ensure proper authorization checks are implemented for all users.
For versions 1.01 and 1.02, apply the necessary patches to enforce authorization.
For versions 6.04 through 6.06, restrict user privileges until a proper fix is applied.
For versions 6.16 through 6.18, implement additional access controls to mitigate the risk.
For version 8.0, consider disabling affected modules until a patch is available.
Fix
Missing Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Sap Enterprise Financial Services