PT-2019-5599 · Sap · Sap S/4Hana Financial Products Subledger+1

Published: 2019-03-12 · Updated: 2020-08-24 · CVE-2019-0276

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

SAP Banking Services version 9.0 (FSAPPL version 5)
SAP S/4HANA Financial Products Subledger (S4FPSL) version 1

Description

Inadequate authorization checks for authenticated users could allow a remote attacker to escalate their privileges.

Recommendations

For SAP Banking Services version 9.0 (FSAPPL version 5), update the authorization checks to properly validate user privileges.

For SAP S/4HANA Financial Products Subledger (S4FPSL) version 1, ensure that all user actions are properly authorized to prevent privilege escalation.

As a temporary workaround, consider restricting access to sensitive features and functionalities in both SAP Banking Services and SAP S/4HANA Financial Products Subledger until a proper fix is applied.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

BDU:2020-04649
CVE-2019-0276

Affected Products

Sap Banking Services
Sap S/4Hana Financial Products Subledger