CVE-2020-6199
published 2020-03-10CVE-2020-6199: The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate…
medium5.4CVSS 3.1
AVNACLPRLUINSUCLILAN
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | erp | — | — |
| sap_se | sap_erp | < 607 | 607 |
| sap_se | sap_erp | < 618 | 618 |
| sap_se | sap_erp | < 730 | 730 |
| sap_se | sap_s_4hana | < 100 | 100 |
| sap_se | sap_s_4hana | < 101 | 101 |
| sap_se | sap_s_4hana | < 102 | 102 |
| sap_se | sap_s_4hana | < 103 | 103 |
| sap_se | sap_s_4hana | < 104 | 104 |