Vulnerabilities > CVE-2020-6307 - Incorrect Authorization vulnerability in SAP Basis

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-863

NVD

Published: 2020-01-14

Updated: 2021-07-21

Summary

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Basis 7.01 SAP Basis 7.02 SAP Basis 7.31 SAP Basis 7.40 SAP Basis 7.50 SAP Basis 7.51 SAP Basis 7.52 SAP Basis 7.0 SAP Basis 7.53 SAP Basis 7.54	10

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://launchpad.support.sap.com/#/notes/2863397
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771