← Back

CVE-2020-6204

nvd nist
Published: Mar 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.

Affected (13)

Sap
2 products
Treasury And Risk Management (ea Finserv)
Treasury And Risk Management (s4core)
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Treasury And Risk Management (ea Finserv)
Version 600
Treasury And Risk Management (ea Finserv)
Version 603
Treasury And Risk Management (ea Finserv)
Version 604
Treasury And Risk Management (ea Finserv)
Version 605
Treasury And Risk Management (ea Finserv)
Version 606
Treasury And Risk Management (ea Finserv)
Version 616
Treasury And Risk Management (ea Finserv)
Version 617
Treasury And Risk Management (ea Finserv)
Version 618
Treasury And Risk Management (ea Finserv)
Version 800
Sap
Treasury And Risk Management (s4core)
Version 101
Treasury And Risk Management (s4core)
Version 102
Treasury And Risk Management (s4core)
Version 103
Treasury And Risk Management (s4core)
Version 104

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.