Search

Find a vulnerability

Search criteria

    4 vulnerabilities found for SAP Treasury and Risk Management (EA-FINSERV) by SAP SE

    CVE-2019-0384 (GCVE-0-2019-0384)

    Vulnerability from nvd – Published: 2019-12-17 19:24 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Treasury and Risk Management (S4CORE) Affected: < 1.01
    Affected: < 1.02
    Affected: < 1.03
    Affected: < 1.04
    Create a notification for this product.
    SAP SE SAP Treasury and Risk Management (EA-FINSERV) Affected: < 6.0
    Affected: < 6.03
    Affected: < 6.04
    Affected: < 6.05
    Affected: < 6.06
    Affected: < 6.16
    Affected: < 6.17
    Affected: < 6.18
    Affected: < 8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2828981"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Treasury and Risk Management (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.04"
                }
              ]
            },
            {
              "product": "SAP Treasury and Risk Management (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.05"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.06"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.16"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.17"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.18"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-17T19:24:06.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2828981"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0384",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Treasury and Risk Management (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Treasury and Risk Management (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "6.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.04"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.05"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.06"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.16"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.17"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.18"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2828981",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2828981"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0384",
        "datePublished": "2019-12-17T19:24:06.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0383 (GCVE-0-2019-0383)

    Vulnerability from nvd – Published: 2019-12-17 19:21 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Treasury and Risk Management (S4CORE) Affected: < 1.01
    Affected: < 1.02
    Affected: < 1.03
    Affected: < 1.04
    Create a notification for this product.
    SAP SE SAP Treasury and Risk Management (EA-FINSERV) Affected: < 6.0
    Affected: < 6.03
    Affected: < 6.04
    Affected: < 6.05
    Affected: < 6.06
    Affected: < 6.16
    Affected: < 6.17
    Affected: < 6.18
    Affected: < 8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.142Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2819170"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Treasury and Risk Management (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.04"
                }
              ]
            },
            {
              "product": "SAP Treasury and Risk Management (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.05"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.06"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.16"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.17"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.18"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-17T19:21:56.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2819170"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0383",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Treasury and Risk Management (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Treasury and Risk Management (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "6.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.04"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.05"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.06"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.16"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.17"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.18"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2819170",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2819170"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0383",
        "datePublished": "2019-12-17T19:21:56.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0384 (GCVE-0-2019-0384)

    Vulnerability from cvelistv5 – Published: 2019-12-17 19:24 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Treasury and Risk Management (S4CORE) Affected: < 1.01
    Affected: < 1.02
    Affected: < 1.03
    Affected: < 1.04
    Create a notification for this product.
    SAP SE SAP Treasury and Risk Management (EA-FINSERV) Affected: < 6.0
    Affected: < 6.03
    Affected: < 6.04
    Affected: < 6.05
    Affected: < 6.06
    Affected: < 6.16
    Affected: < 6.17
    Affected: < 6.18
    Affected: < 8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:27.032Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2828981"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Treasury and Risk Management (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.04"
                }
              ]
            },
            {
              "product": "SAP Treasury and Risk Management (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.05"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.06"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.16"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.17"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.18"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-17T19:24:06.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2828981"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0384",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Treasury and Risk Management (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Treasury and Risk Management (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "6.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.04"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.05"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.06"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.16"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.17"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.18"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2828981",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2828981"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0384",
        "datePublished": "2019-12-17T19:24:06.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:27.032Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0383 (GCVE-0-2019-0383)

    Vulnerability from cvelistv5 – Published: 2019-12-17 19:21 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
    Severity
    No CVSS data available.
    CWE
    • Missing Authorization Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP Treasury and Risk Management (S4CORE) Affected: < 1.01
    Affected: < 1.02
    Affected: < 1.03
    Affected: < 1.04
    Create a notification for this product.
    SAP SE SAP Treasury and Risk Management (EA-FINSERV) Affected: < 6.0
    Affected: < 6.03
    Affected: < 6.04
    Affected: < 6.05
    Affected: < 6.06
    Affected: < 6.16
    Affected: < 6.17
    Affected: < 6.18
    Affected: < 8.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.142Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2819170"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Treasury and Risk Management (S4CORE)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.01"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.02"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 1.04"
                }
              ]
            },
            {
              "product": "SAP Treasury and Risk Management (EA-FINSERV)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 6.0"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.03"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.04"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.05"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.06"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.16"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.17"
                },
                {
                  "status": "affected",
                  "version": "\u003c 6.18"
                },
                {
                  "status": "affected",
                  "version": "\u003c 8.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authorization Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-12-17T19:21:56.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2819170"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0383",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Treasury and Risk Management (S4CORE)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.01"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.02"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "1.04"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Treasury and Risk Management (EA-FINSERV)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "6.0"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.03"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.04"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.05"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.06"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.16"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.17"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "6.18"
                              },
                              {
                                "version_name": "\u003c",
                                "version_value": "8.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authorization Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2819170",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2819170"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0383",
        "datePublished": "2019-12-17T19:21:56.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.142Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }