CVE-2020-6199Missing Authorization in SE SAP S 4hana

CWE-862Missing Authorization3 documents3 sources
Severity
5.4MEDIUMNVD
EPSS
0.1%
top 69.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP SE SAP ERPSAP SE SAP S 4hanaSAP ERP
Timeline
PublishedMar 10
Latest updateMay 24

Description

The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages3 packages

CVEListV5sap_se/sap_s_4hana< 100+4
CVEListV5sap_se/sap_erp< 607+2
NVDsap/erp607

🔴Vulnerability Details

2
GHSA
GHSA-pq6j-qh22-66qx: The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate2022-05-24
CVEList
CVE-2020-6199: The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate2020-03-10
CVE-2020-6199 — Missing Authorization in SE SAP S 4hana | cvebase