History: Sep 09, 2020 - 1:12 p.m.

CVE-2020-6311

2020-09-09 13:12:47
CWE-285
sap
www.cve.org
3
sap 9.0
sap s/4hana
authorization checks
privilege escalation
banking data

CVSS3: 6.5

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.001
Percentile: 28.4%

Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version - 100, do not correctly perform the necessary authorization checks for an authenticated user (improper authorization), which may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.

CNA Affected

[
  {
    "product": "BANKING SERVICES FROM SAP 9.0(Bank Analyzer)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 500"
      }
    ]
  },
  {
    "product": "S/4HANA FIN PROD SUBLDGR",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 100"
      }
    ]
  }
]
