PT-2019-4402 · Sap · S4Core+2
Published
2019-11-12
·
Updated
2019-12-20
·
CVE-2019-0383
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
SAP Treasury and Risk Management versions prior to S4CORE 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0
Description
The issue is related to insufficient access control in the SAP Treasury and Risk Management system. It allows a remote attacker to escalate their privileges.
Recommendations
For S4CORE versions 1.01, 1.02, 1.03, 1.04, update to a version that includes the necessary authorization checks.
For EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0, update to a version that includes the necessary authorization checks.
As a temporary workaround, consider restricting access to the Transaction Management component until a patch is available.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Ea-Finserv
S4Core
Sap Treasury/Risk Management