Unrated severityNVD Advisory· Published Nov 13, 2019· Updated Aug 4, 2024

CVE-2019-0386

Description

Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.

Affected products

SAP/SAP ERPllm-create
Range: corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18
SAP/SAP S4HANA Salesllm-create
Range: corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04
SAP SE/S4HANA Sales (S4CORE)v5
Range: < 1.0
SAP SE/SAP ERP Sales (SAP_APPL)v5
Range: < 6.0

Patches

Vulnerability mechanics

References

launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000