CVE-2020-6188

Summary

VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP ERP (SAP_APPL)= 6.0affected
SAP SESAP ERP (SAP_APPL)= 6.02affected
SAP SESAP ERP (SAP_APPL)= 6.03affected
SAP SESAP ERP (SAP_APPL)= 6.04affected
SAP SESAP ERP (SAP_APPL)= 6.05affected
SAP SESAP ERP (SAP_APPL)= 6.06affected
SAP SESAP ERP (SAP_APPL)= 6.16affected
SAP SESAP ERP (SAP_FIN)= 6.17affected
SAP SESAP ERP (SAP_FIN)= 6.18affected
SAP SESAP ERP (SAP_FIN)= 7.0affected
SAP SESAP ERP (SAP_FIN)= 7.20affected
SAP SESAP ERP (SAP_FIN)= 7.30affected
SAP SESAP S/4 HANA (S4CORE)= 1.0affected
SAP SESAP S/4 HANA (S4CORE)= 1.01affected
SAP SESAP S/4 HANA (S4CORE)= 1.02affected
SAP SESAP S/4 HANA (S4CORE)= 1.03affected
SAP SESAP S/4 HANA (S4CORE)= 1.04affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References