PT-2019-11216 · Sap · Sap S4Core+1
Publicado
2019-05-14
·
Atualizado
2020-08-24
·
CVE-2019-0280
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
SAP Treasury and Risk Management versions 6.0 through 6.06, 6.16 through 6.18, and 8.0
SAP S4CORE versions 1.01 through 1.03
Description:
The issue results from a lack of necessary authorization checks for authorization objects
T DEAL DP and T DEAL PD, leading to escalation of privileges.Recommendations:
For SAP Treasury and Risk Management versions 6.0 through 6.06, 6.16 through 6.18, and 8.0, ensure proper authorization checks are implemented for
T DEAL DP and T DEAL PD objects.
For SAP S4CORE versions 1.01 through 1.03, implement necessary authorization checks for T DEAL DP and T DEAL PD objects to prevent privilege escalation.Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Sap S4Core
Sap Treasury/Risk Management