Lucene search

SapCVELIST:CVE-2020-6214

HistoryApr 14, 2020 - 6:05 p.m.

CVE-2020-6214

2020-04-1418:05:32

CWE-863

sap

www.cve.org

CVSS3

4.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

31.4%

JSON

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.

CNA Affected

[
  {
    "product": "SAP S/4HANA (Financial Products Subledger)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 100"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2897612

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202