Vulnerabilities > CVE-2020-6311 - Unspecified vulnerability in SAP products

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

NVD

Published: 2020-09-09

Updated: 2024-11-21

Summary

Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version ? 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP S/4Hana FOR Financial Products Subledger 100 SAP Bank Analyzer 500	2

References

https://launchpad.support.sap.com/#/notes/2951325
https://launchpad.support.sap.com/#/notes/2951325
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700