CVE-2019-0384

Published Dec 17, 2019

Last updated 5 years ago

CVSS high 8.8

Overview

Description: Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
Source: cna@sap.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.5
Impact score: 6.4
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-863

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C94735B-99F4-4B0A-A985-5FE3CD7B8B29"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9139751-0E66-45DD-B0CA-8C75AF762E43"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AC27183-F4D9-430F-884A-A51DC39D9360"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D7E3267E-9458-473B-8001-2762F4753784"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207E235D-3641-4FBD-A165-2D030EBFB1FE"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3726192A-1582-4936-AC2B-7DCBCB6C73C2"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2DAC779F-945A-4F55-B23F-6BF46047A128"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:6.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "796D38E2-78CF-4285-AF7C-BBB3C0BC7ED2"
          },
          {
            "criteria": "cpe:2.3:a:sap:enterprise_extension_financial_services:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B601CCAE-2499-4F24-8C85-C28EA2A0486F"
          },
          {
            "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):1.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA33418A-B177-4899-9859-E41CC01A97FC"
          },
          {
            "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):1.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "720812DB-4460-4059-AAD9-C638E71684B0"
          },
          {
            "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):1.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8EB10799-4688-446B-8D56-B944AD1B8535"
          },
          {
            "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):1.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "083941A4-561C-4AF8-B1CE-064E481D1921"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References