CVE-2018-2484

Name of the Vulnerable Software and Affected Versions SAP Enterprise Financial Services versions prior to SAPSCORE 1.13 SAP Enterprise Financial Services versions prior to S4CORE 1.01 SAP Enterprise Financial Services versions prior to EA-FINSERV 1.10 SAP Enterprise Financial Services versions prior to EA-FINSERV 2.0 SAP Enterprise Financial Services versions prior to EA-FINSERV 5.0 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.0 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.03 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.04 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.05 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.06 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.16 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.17 SAP Enterprise Financial Services versions prior to EA-FINSERV 6.18 SAP Enterprise Financial Services versions prior to EA-FINSERV 8.0 SAP Enterprise Financial Services versions prior to Bank/CFM 4.63 20

Description The issue is related to the lack of necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Recommendations For SAPSCORE, update to version 1.13 or later. For S4CORE, update to version 1.01 or later. For EA-FINSERV, update to version 1.10 or later, or to version 2.0 or later, or to version 5.0 or later, or to version 6.0 or later, or to version 6.03 or later, or to version 6.04 or later, or to version 6.05 or later, or to version 6.06 or later, or to version 6.16 or later, or to version 6.17 or later, or to version 6.18 or later, or to version 8.0 or later. For Bank/CFM, update to version 4.63 20 or later.