4Hana

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

sap

CWE-862

NVD

Published: 2020-11-10

Updated: 2020-11-24

Summary

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP ERP 600 SAP ERP 602 SAP ERP 603 SAP ERP 604 SAP ERP 605 SAP ERP 606 SAP ERP 616 SAP ERP 617 SAP ERP 618 SAP S/4Hana 100 SAP S/4Hana 101 SAP S/4Hana 102 SAP S/4Hana 103 SAP S/4Hana 104	14

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://launchpad.support.sap.com/#/notes/2944188
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571