CVE-2020-6212

CWE-862 — Missing Authorization3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 68.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP ERP SAP SE SAP S/4 Hana SAP ERP +1 more

Timeline

PublishedApr 24

Latest updateMay 24

Description

Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages4 packages

▶CVEListV5sap_se/sap_s/4_hana< 100+4

▶NVDsap/s\/4hana5 versions+4

▶CVEListV5sap_se/sap_erp< 618+2

▶NVDsap/erp607, 618, 730+2

🔴Vulnerability Details

GHSA

GHSA-mxmm-49jq-5jrw: Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and↗2022-05-24

▶

CVEList

CVE-2020-6212: Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and↗2020-04-24

▶