Vulnerabilities > CVE-2020-6204 - Missing Authorization vulnerability in SAP products

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2020-03-10

Updated: 2020-03-12

Summary

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Treasury AND Risk Management (Ea Finserv) 600 SAP Treasury AND Risk Management (Ea Finserv) 603 SAP Treasury AND Risk Management (Ea Finserv) 604 SAP Treasury AND Risk Management (Ea Finserv) 605 SAP Treasury AND Risk Management (Ea Finserv) 606 SAP Treasury AND Risk Management (Ea Finserv) 616 SAP Treasury AND Risk Management (Ea Finserv) 617 SAP Treasury AND Risk Management (Ea Finserv) 618 SAP Treasury AND Risk Management (Ea Finserv) 800 SAP Treasury AND Risk Management (S4Core) 101 SAP Treasury AND Risk Management (S4Core) 102 SAP Treasury AND Risk Management (S4Core) 103 SAP Treasury AND Risk Management (S4Core) 104	13

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References