← Back

CVE-2020-6268

nvd nist
Published: Jun 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.

Affected (13)

Sap
2 products
Erp (ea Finserv)
Erp (s4core)
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Erp (ea Finserv)
Version 600
Erp (ea Finserv)
Version 603
Erp (ea Finserv)
Version 604
Erp (ea Finserv)
Version 605
Erp (ea Finserv)
Version 606
Erp (ea Finserv)
Version 616
Erp (ea Finserv)
Version 617
Erp (ea Finserv)
Version 618
Erp (ea Finserv)
Version 800
Sap
Erp (s4core)
Version 101
Erp (s4core)
Version 102
Erp (s4core)
Version 103
Erp (s4core)
Version 104

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.