Vulnerabilities > CVE-2020-6301 - Missing Authorization vulnerability in SAP HCM Travel Management

047910
CVSS 8.1 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
sap
CWE-862

Summary

SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.

Common Weakness Enumeration (CWE)