CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | LOW |

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score confidence: High

EPSS percentile: 31.4%

Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.
Vendor | Product | Version | CPE |
---|---|---|---|
sap | erp_sales | 6.0 | cpe:2.3:a:sap:erp_sales:6.0:*:*:*:*:*:*:* |
sap | erp_sales | 6.02 | cpe:2.3:a:sap:erp_sales:6.02:*:*:*:*:*:*:* |
sap | erp_sales | 6.03 | cpe:2.3:a:sap:erp_sales:6.03:*:*:*:*:*:*:* |
sap | erp_sales | 6.04 | cpe:2.3:a:sap:erp_sales:6.04:*:*:*:*:*:*:* |
sap | erp_sales | 6.05 | cpe:2.3:a:sap:erp_sales:6.05:*:*:*:*:*:*:* |
sap | erp_sales | 6.06 | cpe:2.3:a:sap:erp_sales:6.06:*:*:*:*:*:*:* |
sap | erp_sales | 6.16 | cpe:2.3:a:sap:erp_sales:6.16:*:*:*:*:*:*:* |
sap | erp_sales | 6.17 | cpe:2.3:a:sap:erp_sales:6.17:*:*:*:*:*:*:* |
sap | erp_sales | 6.18 | cpe:2.3:a:sap:erp_sales:6.18:*:*:*:*:*:*:* |
sap | s4hana_sales | 1.0 | cpe:2.3:a:sap:s4hana_sales:1.0:*:*:*:*:*:*:* |
[
{
"product": "SAP ERP Sales (SAP_APPL)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 6.0"
},
{
"status": "affected",
"version": "< 6.02"
},
{
"status": "affected",
"version": "< 6.03"
},
{
"status": "affected",
"version": "< 6.04"
},
{
"status": "affected",
"version": "< 6.05"
},
{
"status": "affected",
"version": "< 6.06"
},
{
"status": "affected",
"version": "< 6.16"
},
{
"status": "affected",
"version": "< 6.17"
},
{
"status": "affected",
"version": "< 6.18"
}
]
},
{
"product": "S4HANA Sales (S4CORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "< 1.0"
},
{
"status": "affected",
"version": "< 1.01"
},
{
"status": "affected",
"version": "< 1.02"
},
{
"status": "affected",
"version": "< 1.03"
},
{
"status": "affected",
"version": "< 1.04"
}
]
}
]