CVE-2019-0384
https://notcve.org/view.php?id=CVE-2019-0384
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity. Transaction Management en SAP Treasury and Risk Management (corregida en S4CORE versiones 1.01, 1.02, 1.03, 1.04 y EA-FINSERV versiones 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0), no realiza las comprobaciones de autorización necesarias para funcionalidades que requieren identidad de usuario. • https://launchpad.support.sap.com/#/notes/2828981 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 • CWE-863: Incorrect Authorization •
CVE-2019-0383
https://notcve.org/view.php?id=CVE-2019-0383
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Transaction Management en SAP Treasury and Risk Management (corregida en S4CORE versiones 1.01, 1.02, 1.03, 1.04 y EA-FINSERV versiones 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0), no realiza las comprobaciones de autorización necesarias para un usuario autenticado, resultando en una escalada de privilegios. • https://launchpad.support.sap.com/#/notes/2819170 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 • CWE-863: Incorrect Authorization •
CVE-2018-2484
https://notcve.org/view.php?id=CVE-2018-2484
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. SAP Enterprise Financial Services (solucionado en SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03; EA-FINSERV 1.10, 2.0, 5.0, 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0; Bank/CFM 4.63_20) no realiza las comprobaciones necesarias de autorización para un usuario autenticado, lo que resulta en un escalado de privilegios. • http://www.securityfocus.com/bid/106477 https://launchpad.support.sap.com/#/notes/2662687 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985 • CWE-862: Missing Authorization •