Vulnerabilities > CVE-2020-6268 - Missing Authorization vulnerability in SAP ERP (Ea-Finserv) and ERP (S4Core)

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2020-06-10

Updated: 2020-06-16

Summary

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP ERP (Ea Finserv) 600 SAP ERP (Ea Finserv) 603 SAP ERP (Ea Finserv) 604 SAP ERP (Ea Finserv) 605 SAP ERP (Ea Finserv) 606 SAP ERP (Ea Finserv) 616 SAP ERP (Ea Finserv) 617 SAP ERP (Ea Finserv) 618 SAP ERP (Ea Finserv) 800 SAP ERP (S4Core) 101 SAP ERP (S4Core) 102 SAP ERP (S4Core) 103 SAP ERP (S4Core) 104	13

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References