Versions
< 104
< 605
< 6.03
< 103
< 6.05
< 617
< 6.17
< 6.16
< 618
< 1.01
< 1.02
< 600
< 6.06
< 604
< 1.04
< 6.18
< 616
< 102
< 1.03
< 6.04
< 603
< 606
< 8.0
< 6.0
< 800
< 101
Recent CVEs
CVE-2020-6204
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
CVE-2019-0384
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
CVE-2019-0383
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
CVE-2019-0280
SAP Treasury and Risk Management (EA-FINSERV 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18 and 8.0; S4CORE 1.01, 1.02 and 1.03), does not perform necessary authorization checks for authorization objects T_DEAL_DP and T_DEAL_PD , resulting in escalation of privileges.