← Back

CVE-2020-6307

nvd nist
Published: Jan 14, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.3
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Exploitability: 2.8 / Impact: 1.4
Source: NVD

Description

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

Affected (10)

Products: Sap: Basis
Sap
1 product
Basis
Configuration A
10 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Basis
Version 7.01
Basis
Version 7.02
Basis
Version 7.0
Basis
Version 7.31
Basis
Version 7.40
Basis
Version 7.50
Basis
Version 7.51
Basis
Version 7.52
Basis
Version 7.53
Basis
Version 7.54

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.