CVE-2020-6273: Missing Authorization in SE SAP S 4 Hana

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.1% (top 66.61%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 12; latest update May 24

Description

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: sap/s_4_hana_fiori_ui, versions 103, 104 (+1)
CVEListV5: sap_se/sap_s_4_hana, versions < 103 (+1)

Vulnerability Details (2)

GHSA (2022-05-24): GHSA-mwg4-fjw2-7rjc: SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user wo
CVEList (2020-08-12): CVE-2020-6273: SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user wo