Vulnerabilities > SAP > Treasury AND Risk Management S4Core > Medium

DATE CVE VULNERABILITY TITLE RISK
2020-03-10 CVE-2020-6204 Missing Authorization vulnerability in SAP products
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
network
low complexity
sap CWE-862
4.0
4.0
2019-12-17 CVE-2019-0384 Incorrect Authorization vulnerability in SAP products
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.
network
low complexity
sap CWE-863
6.5
6.5
2019-12-17 CVE-2019-0383 Incorrect Authorization vulnerability in SAP products
Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.
network
low complexity
sap CWE-863
6.5
6.5