Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
2019-12-17T20:15:11.227
2024-11-21T04:16:46.490
Modified
CVSSv3.1: 8.8 (HIGH)
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | sap | enterprise_extension_financial_services | 6.0 | Yes |
| Application | sap | enterprise_extension_financial_services | 6.03 | Yes |
| Application | sap | enterprise_extension_financial_services | 6.04 | Yes |
| Application | sap | enterprise_extension_financial_services | 6.05 | Yes |
| Application | sap | enterprise_extension_financial_services | 6.06 | Yes |
| Application | sap | enterprise_extension_financial_services | 6.16 | Yes |
| Application | sap | enterprise_extension_financial_services | 6.17 | Yes |
| Application | sap | enterprise_extension_financial_services | 6.18 | Yes |
| Application | sap | enterprise_extension_financial_services | 8.0 | Yes |
| Application | sap | treasury_and_risk_management_\(s4core\) | 1.01 | Yes |
| Application | sap | treasury_and_risk_management_\(s4core\) | 1.02 | Yes |
| Application | sap | treasury_and_risk_management_\(s4core\) | 1.03 | Yes |
| Application | sap | treasury_and_risk_management_\(s4core\) | 1.04 | Yes |