Vulnerability Description
Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the required authorization checks for an authenticated user, which can result in an escalation of privileges.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | ERP Sales | 6.0 |
| SAP | S4HANA Sales | 1.0 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/2840520 (Permissions Required, Vendor Advisory)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528880390 (Vendor Advisory)
FAQ
What is CVE-2019-0386?
CVE-2019-0386 is a vulnerability with a CVSS score of 6.3 (MEDIUM). Order processing in SAP ERP Sales (corrected in SAP_APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18) and S4HANA Sales (corrected in S4CORE 1.0, 1.01, 1.02, 1.03, 1.04) does not execute the re...
How severe is CVE-2019-0386?
CVE-2019-0386 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2019-0386?
Check the references section above for vendor advisories and patch information. Affected products include: SAP ERP Sales, SAP S4HANA Sales.