Vulnerabilities > CVE-2020-6233 - Missing Authorization vulnerability in SAP products

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

sap

CWE-862

NVD

Published: 2020-04-14

Updated: 2020-04-15

Summary

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Banking Services From SAP 400 SAP Banking Services From SAP 450 SAP Banking Services From SAP 500 SAP S/4Hana Financial Products Subledger 100	4

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://launchpad.support.sap.com/#/notes/2904796
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202