CVE-2020-6316 — Missing Authorization in SE SAP S 4 Hana

CWE-862 — Missing Authorization3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 64.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP ERP SAP SE SAP S 4 Hana SAP ERP +1 more

Timeline

PublishedNov 10

Latest updateMay 24

Description

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5sap_se/sap_s_4_hana< 100+4

▶NVDsap/s_4hana5 versions+4

▶CVEListV5sap_se/sap_erp< 600+8

▶NVDsap/erp9 versions+8

🔴Vulnerability Details

GHSA

GHSA-2j5g-6x52-988w: SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Miss↗2022-05-24

▶

CVEList

CVE-2020-6316: SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Miss↗2020-11-10

▶