CVE-2019-0384

2019-12-1719:24:06

sap

www.cve.org

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

42.9%

JSON

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.

CNA Affected

[
  {
    "product": "SAP Treasury and Risk Management (S4CORE)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 1.01"
      },
      {
        "status": "affected",
        "version": "< 1.02"
      },
      {
        "status": "affected",
        "version": "< 1.03"
      },
      {
        "status": "affected",
        "version": "< 1.04"
      }
    ]
  },
  {
    "product": "SAP Treasury and Risk Management (EA-FINSERV)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 6.0"
      },
      {
        "status": "affected",
        "version": "< 6.03"
      },
      {
        "status": "affected",
        "version": "< 6.04"
      },
      {
        "status": "affected",
        "version": "< 6.05"
      },
      {
        "status": "affected",
        "version": "< 6.06"
      },
      {
        "status": "affected",
        "version": "< 6.16"
      },
      {
        "status": "affected",
        "version": "< 6.17"
      },
      {
        "status": "affected",
        "version": "< 6.18"
      },
      {
        "status": "affected",
        "version": "< 8.0"
      }
    ]
  }
]