Vulnerabilities > CVE-2020-6320 - Incorrect Authorization vulnerability in SAP Marketing 130/140/150

CVSS 5.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

sap

CWE-863

NVD

Published: 2020-09-09

Updated: 2021-07-21

Summary

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Marketing 130 SAP Marketing 140 SAP Marketing 150	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://launchpad.support.sap.com/#/notes/2961991
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700