CVE-2020-6214Incorrect Authorization in SE SAP S 4hana

CWE-863Incorrect Authorization3 documents3 sources
Severity
4.7MEDIUMNVD
EPSS
0.2%
top 57.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP S 4hanaSAP S 4hana
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:LExploitability: 1.2 | Impact: 3.4

Affected Packages2 packages

CVEListV5sap_se/sap_s_4hana< 100
NVDsap/s_4hana100

🔴Vulnerability Details

2
GHSA
GHSA-fqr7-4324-59j5: SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports2022-05-24
CVEList
CVE-2020-6214: SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports2020-04-14
CVE-2020-6214 — Incorrect Authorization | cvebase