PT-2018-15596 · Sap · Sap Aba
Published
2018-11-13
·
Updated
2019-10-03
·
CVE-2018-2481
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP ABA versions 7.00 through 7.02
SAP ABA versions 7.10 through 7.11
SAP ABA versions 7.30
SAP ABA versions 7.31
SAP ABA versions 7.40
SAP ABA versions 7.50
SAP ABA versions 75C through 75D
Description
The issue concerns the use of a transaction code in SAP standard roles that is reserved for customers. This could allow a malicious user to execute unauthorized transaction functionality by implementing such a transaction code.
Recommendations
For SAP ABA versions 7.00 through 7.02, consider restricting access to the affected transaction code to prevent unauthorized use.
For SAP ABA versions 7.10 through 7.11, remove the implementation of the customer-reserved transaction code to mitigate the risk.
For SAP ABA versions 7.30, 7.31, 7.40, 7.50, 75C through 75D, avoid using the transaction code reserved for customers until a proper fix is applied.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Aba