Insufficient Authorization Checks in SAP Treasury and Risk Management

Insufficient Authorization Checks in SAP Treasury and Risk Management

CVE-2019-0384 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.

Learn more about our User Device Pen Test.