CVE-2019-0383
First published: Tue Dec 17 2019(Updated: )
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Enterprise Extension Financial Services | =6.0 | |
| Sap Enterprise Extension Financial Services | =6.03 | |
| Sap Enterprise Extension Financial Services | =6.04 | |
| Sap Enterprise Extension Financial Services | =6.05 | |
| Sap Enterprise Extension Financial Services | =6.06 | |
| Sap Enterprise Extension Financial Services | =6.16 | |
| Sap Enterprise Extension Financial Services | =6.17 | |
| Sap Enterprise Extension Financial Services | =6.18 | |
| Sap Enterprise Extension Financial Services | =8.0 | |
| Sap Treasury And Risk Management \(s4core\) | =1.01 | |
| Sap Treasury And Risk Management \(s4core\) | =1.02 | |
| Sap Treasury And Risk Management \(s4core\) | =1.03 | |
| Sap Treasury And Risk Management \(s4core\) | =1.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-0383?
CVE-2019-0383 is classified as a high severity vulnerability due to potential privilege escalation.
How do I fix CVE-2019-0383?
To fix CVE-2019-0383, update to the patched versions of SAP Treasury and Risk Management or SAP Enterprise Extension Financial Services as specified in the release notes.
What types of systems are affected by CVE-2019-0383?
CVE-2019-0383 affects specific versions of SAP Treasury and Risk Management and SAP Enterprise Extension Financial Services.
What is the impact of CVE-2019-0383?
The impact of CVE-2019-0383 includes unauthorized access and potential escalation of privileges for authenticated users.
When was CVE-2019-0383 reported?
CVE-2019-0383 was reported and corrected in various versions released in 2019.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/sap
- canonical/sap enterprise extension financial services
- version/sap enterprise extension financial services/6.0
- version/sap enterprise extension financial services/6.03
- version/sap enterprise extension financial services/6.04
- version/sap enterprise extension financial services/6.05
- version/sap enterprise extension financial services/6.06
- version/sap enterprise extension financial services/6.16
- version/sap enterprise extension financial services/6.17
- version/sap enterprise extension financial services/6.18
- version/sap enterprise extension financial services/8.0
- canonical/sap treasury and risk management \(s4core\)
- version/sap treasury and risk management \(s4core\)/1.01
- version/sap treasury and risk management \(s4core\)/1.02
- version/sap treasury and risk management \(s4core\)/1.03
- version/sap treasury and risk management \(s4core\)/1.04