PT-2019-4463 · Sap · S4Core+2

Published: 2019-11-12 · Updated: 2019-12-20 · CVE-2019-0384

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SAP Treasury and Risk Management versions prior to S4CORE version 1.05
EA-FINSERV versions prior to 6.07, 6.19, 8.1

Description

The issue is related to insufficient authorization checks in the Transaction Management functionality, which can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information.

Recommendations

For S4CORE versions 1.01, 1.02, 1.03, 1.04, update to version 1.05 or later.
For EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0, update to version 6.07, 6.19, 8.1 or later.
As a temporary workaround, consider restricting access to the Transaction Management functionality until a patch is available.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2020-00250
CVE-2019-0384

Affected Products

Ea-Finserv
S4Core
Sap Treasury/Risk Management