Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product Treasury And Risk Management \(s4core\)
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6204 1 Sap 2 Treasury And Risk Management \(ea-finserv\), Treasury And Risk Management \(s4core\) 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
CVE-2019-0384 1 Sap 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) 2024-11-21 6.5 MEDIUM 8.8 HIGH
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
CVE-2019-0383 1 Sap 2 Enterprise Extension Financial Services, Treasury And Risk Management \(s4core\) 2024-11-21 6.5 MEDIUM 8.8 HIGH
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.