Vulnerabilities > CVE-2020-6256 - Missing Authorization vulnerability in SAP Master Data Governance

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2020-05-12

Updated: 2020-05-15

Summary

SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Master Data Governance 749 SAP Master Data Governance 750 SAP Master Data Governance 751 SAP Master Data Governance 752 SAP Master Data Governance 800 SAP Master Data Governance 801 SAP Master Data Governance 802 SAP Master Data Governance 803 SAP Master Data Governance 804 SAP Master Data Governance 748	10

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References