PT-2019-11207 · Sap · Sap Bw/4Hana

Published

2019-01-08

Updated

2020-08-24

CVE-2019-0243

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SAP BW/4HANA versions prior to DW4CORE version 1.0 (SP08)

Description: The issue concerns the masterdata maintenance in SAP BW/4HANA, where under certain circumstances, it fails to perform necessary authorization checks for an authenticated user. This results in an escalation of privileges.

Recommendations: For SAP BW/4HANA versions prior to DW4CORE version 1.0 (SP08), update to DW4CORE version 1.0 (SP08) or later to resolve the issue.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2019-0243

Affected Products

Sap Bw/4Hana

PT-2019-11207 · Sap · Sap Bw/4Hana

CVE-2019-0243

Weakness Enumeration

Related Identifiers

Affected Products

References · 5