CVE-2020-6268Missing Authorization in SE SAP ERP

CWE-862Missing Authorization3 documents3 sources
Severity
8.1HIGHNVD
EPSS
0.2%
top 62.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP ERPSAP ERP
Timeline
PublishedJun 10
Latest updateMay 24

Description

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

CVEListV5sap_se/sap_erp< EA-FINSERV 600+11
NVDsap/erp13 versions+12

🔴Vulnerability Details

2
GHSA
GHSA-c687-3w98-pg2q: Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 1022022-05-24
CVEList
CVE-2020-6268: Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 1022020-06-10
CVE-2020-6268 — Missing Authorization in SAP SE SAP ERP | cvebase