Apr 14, 2020 - 7:15 p.m.

CVE-2020-6233

2020-04-14 19:15:18
CWE-862
sap
web.nvd.nist.gov
30
Tags: sap, s/4 hana, financial products subledger, banking services, cve-2020-6233, authorization check, security vulnerability

CVSS2: 4

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

AI Score: 4.5
Confidence: High

EPSS: 0.001
Percentile: 31.4%

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

Affected configurations

Nvd

Node
sap banking_services_from_sap Match 400
OR
sap banking_services_from_sap Match 450
OR
sap banking_services_from_sap Match 500
OR
sap s\/4hana_financial_products_subledger Match 100

| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| sap | banking_services_from_sap | 400 | cpe:2.3:a:sap:banking_services_from_sap:400:*:*:*:*:*:*:* |
| sap | banking_services_from_sap | 450 | cpe:2.3:a:sap:banking_services_from_sap:450:*:*:*:*:*:*:* |
| sap | banking_services_from_sap | 500 | cpe:2.3:a:sap:banking_services_from_sap:500:*:*:*:*:*:*:* |
| sap | s\/4hana_financial_products_subledger | 100 | cpe:2.3:a:sap:s\/4hana_financial_products_subledger:100:*:*:*:*:*:*:* |

CNA Affected

[
  {
    "product": "SAP S/4 HANA (Financial Products Subledger and Banking Services) (FSAPPL)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 400"
      },
      {
        "status": "affected",
        "version": "< 450"
      },
      {
        "status": "affected",
        "version": "< 500"
      }
    ]
  },
  {
    "product": "SAP S/4 HANA (Financial Products Subledger and Banking Services) (S4FPSL)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 100"
      }
    ]
  }
]
