4Hana

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2020-04-24

Updated: 2020-05-08

Summary

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP ERP 607 SAP ERP 618 SAP ERP 730 SAP S/4Hana 100 SAP S/4Hana 101 SAP S/4Hana 102 SAP S/4Hana 103 SAP S/4Hana 104	8

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://launchpad.support.sap.com/#/notes/2864966
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202