PT-2018-15495 · Sap · Sap Solution Manager

Published

2018-01-09

Updated

2019-10-03

CVE-2018-2361

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Solution Manager version 7.20

Description The issue concerns the SAP BPO CONFIG role in SAP Solution Manager, which provides the Business Process Operations (BPO) configuration user with more authorization than necessary for configuring the BPO tools.

Recommendations For SAP Solution Manager version 7.20, consider restricting the authorization of the SAP BPO CONFIG role to minimize the risk of exploitation.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2018-2361

Affected Products

Sap Solution Manager

PT-2018-15495 · Sap · Sap Solution Manager

CVE-2018-2361

Weakness Enumeration

Related Identifiers

Affected Products

References · 5