VYPR
High severity8.8NVD Advisory· Published Sep 11, 2018· Updated Jun 17, 2026

CVE-2018-2454

CVE-2018-2454

Description

SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Affected products

2
  • 6.05, 6.06, 6.16, 6.17, 6.18, 8.0+ 1 more
    • (no CPE)range: 6.05, 6.06, 6.16, 6.17, 6.18, 8.0
    • (no CPE)range: = 6.05

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.