CVE-2020-6233 — Missing Authorization in SE SAP S 4 Hana

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 54.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP S 4 Hana SAP Banking Services From SAP SAP S 4hana Financial Products Subledger

Timeline

PublishedApr 14

Latest updateMay 24

Description

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages3 packages

▶NVDsap/s_4hana_financial_products_subledger100

▶NVDsap/banking_services_from_sap400, 450, 500+2

▶CVEListV5sap_se/sap_s_4_hana< 400+3

🔴Vulnerability Details

GHSA

GHSA-hxp2-q48f-xhqg: SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run↗2022-05-24

▶

CVEList

CVE-2020-6233: SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run↗2020-04-14

▶