Vulnerabilities > CVE-2020-6273 - Missing Authorization vulnerability in SAP S/4 Hana Fiori UI FOR General Ledger Accounting 103/104

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2020-08-12

Updated: 2020-08-13

Summary

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP S/4 Hana Fiori UI FOR General Ledger Accounting 103 SAP S/4 Hana Fiori UI FOR General Ledger Accounting 104	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://launchpad.support.sap.com/#/notes/2885671
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345