SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability

Bugtraq ID:	104703
Class:	Input Validation Error
CVE:	CVE-2018-2436
Remote:	Yes
Local:	No
Published:	Jul 10 2018 12:00AM
Updated:	Jul 10 2018 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:	SAP R/3 Enterprise Retail EHP6
Not Vulnerable:

SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability

SAP Enterprise Financial Services is prone to an authorization-bypass vulnerability.

Attackers can exploit this issue to gain unauthorized access and obtain sensitive information. This may aid in further attacks.

SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

SAP Enterprise Financial Services CVE-2018-2436 Remote Authorization Bypass Vulnerability

References:

• SAP Homepage (SAP)
  
• SAP Security Note 2652578 (SAP)
  
• SAP Security Patch Day �?? July 2018 (SAP)