CVE-2020-6188

CWE-862Missing Authorization3 documents3 sources
Severity
8.8HIGH
EPSS
0.2%
top 58.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
SAP SE SAP ERP (sap Appl)SAP SE SAP ERP (sap Fin)SAP SE SAP S/4 Hana (s4core)+2 more
Timeline
PublishedFeb 12
Latest updateMay 24

Description

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

NVDsap/s\/4_hana5 versions+4
CVEListV5sap_se/sap_s/4_hana_(s4core)5 versions+4
NVDsap/erp6.0
CVEListV5sap_se/sap_erp_(sap_fin)5 versions+4
CVEListV5sap_se/sap_erp_(sap_appl)7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-5f97-p8qf-7px9: VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (v2022-05-24
CVEList
CVE-2020-6188: VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (v2020-02-12
CVE-2020-6188 (HIGH CVSS 8.8) | VAT Pro-Rata reports in SAP ERP (SA | cvebase.io