Vulnerabilities > CVE-2020-6273 - Missing Authorization vulnerability in SAP S/4 Hana Fiori UI for General Ledger Accounting 103/104

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
sap
CWE-862

Summary

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.

Common Weakness Enumeration (CWE)