CVE-2020-6268
published 2020-06-10CVE-2020-6268: Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103…
high8.1CVSS 3.1
AVNACLPRLUINSUCHIHAN
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.
Affected
25 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap | erp | — | — |
| sap_se | sap_erp | < EA-FINSERV 600 | EA-FINSERV 600 |
| sap_se | sap_erp | < 603 | 603 |
| sap_se | sap_erp | < 604 | 604 |
| sap_se | sap_erp | < 605 | 605 |
| sap_se | sap_erp | < 606 | 606 |
| sap_se | sap_erp | < 616 | 616 |
| sap_se | sap_erp | < 617 | 617 |
| sap_se | sap_erp | < 618 | 618 |
| sap_se | sap_erp | < 800S4CORE 101 | 800S4CORE 101 |
| sap_se | sap_erp | < 102 | 102 |
| sap_se | sap_erp | < 103 | 103 |
| sap_se | sap_erp | < 104 | 104 |