CVE-2020-6270Missing Authorization in SE SAP Netweaver AS Abap

CWE-862Missing Authorization3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 61.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS AbapSAP Netweaver Application Server Abap
Timeline
PublishedJun 10
Latest updateMay 24

Description

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver_as_abap< 710+10
NVDsap/netweaver_application11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-3x3x-gvp4-q59h: SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization c2022-05-24
CVEList
CVE-2020-6270: SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization c2020-06-10
CVE-2020-6270 — Missing Authorization | cvebase