PT-2018-1591 · Sap · Sap Enterprise Financial Services

Published 2018-09-11 · Updated 2019-10-03 · CVE-2018-2455

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Enterprise Financial Services versions 6.05 through 6.18, 8.0

Description

The issue is related to errors in the authorization procedure of the EAFS BCA BUSOPR SEPA function in the SAP Enterprise Financial Services platform. This can allow a remote attacker to escalate their privileges. The problem arises because the software does not perform necessary authorization checks for an authenticated user.

Recommendations

For SAP Enterprise Financial Services versions 6.05 through 6.18, 8.0, ensure that necessary authorization checks are implemented for authenticated users to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Authorization

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2018-01148
CVE-2018-2455

Affected Products

Sap Enterprise Financial Services