Lucene search

SapCVELIST:CVE-2020-6307

HistoryJan 14, 2020 - 5:52 p.m.

CVE-2020-6307

2020-01-1417:52:59

sap

www.cve.org

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

CNA Affected

[
  {
    "product": "Automated Note Search Tool (SAP Basis)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.0"
      },
      {
        "status": "affected",
        "version": "< 7.01"
      },
      {
        "status": "affected",
        "version": "< 7.02"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.4"
      },
      {
        "status": "affected",
        "version": "< 7.5"
      },
      {
        "status": "affected",
        "version": "< 7.51"
      },
      {
        "status": "affected",
        "version": "< 7.52"
      },
      {
        "status": "affected",
        "version": "< 7.53"
      },
      {
        "status": "affected",
        "version": "< 7.54"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2863397

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.7

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVELIST:CVE-2020-6307