High severity8.8NVD Advisory· Published Sep 11, 2018· Updated Jun 17, 2026
CVE-2018-2454
CVE-2018-2454
Description
SAP Enterprise Financial Services, versions 6.05, 6.06, 6.16, 6.17, 6.18, 8.0 (in business function EAFS_BCA_BUSOPR_2) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
Affected products
26.05, 6.06, 6.16, 6.17, 6.18, 8.0+ 1 more
- (no CPE)range: 6.05, 6.06, 6.16, 6.17, 6.18, 8.0
- (no CPE)range: = 6.05
Patches
Vulnerability mechanics
References
3- www.securityfocus.com/bid/105316nvdThird Party AdvisoryVDB Entry
- launchpad.support.sap.comnvdPermissions RequiredVendor Advisory
- wiki.scn.sap.com/wiki/pages/viewpage.actionnvdVendor Advisory
News mentions
0No linked articles in our index yet.