CVE-2018-2454

Name of the Vulnerable Software and Affected Versions SAP Enterprise Financial Services versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0

Description The issue is related to the EAFS BCA BUSOPR 2 business function, where the software does not perform necessary authorization checks for an authenticated user. This results in an escalation of privileges. The vulnerability is associated with errors in the authorization procedure, which can be exploited by a remote attacker to elevate their privileges.

Recommendations For SAP Enterprise Financial Services versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0, ensure that proper authorization checks are implemented for the EAFS BCA BUSOPR 2 business function to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.