CVE-2020-6188
6.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N
Summary
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP ERP (SAP_APPL) | = 6.0 | affected |
| SAP SE | SAP ERP (SAP_APPL) | = 6.02 | affected |
| SAP SE | SAP ERP (SAP_APPL) | = 6.03 | affected |
| SAP SE | SAP ERP (SAP_APPL) | = 6.04 | affected |
| SAP SE | SAP ERP (SAP_APPL) | = 6.05 | affected |
| SAP SE | SAP ERP (SAP_APPL) | = 6.06 | affected |
| SAP SE | SAP ERP (SAP_APPL) | = 6.16 | affected |
| SAP SE | SAP ERP (SAP_FIN) | = 6.17 | affected |
| SAP SE | SAP ERP (SAP_FIN) | = 6.18 | affected |
| SAP SE | SAP ERP (SAP_FIN) | = 7.0 | affected |
| SAP SE | SAP ERP (SAP_FIN) | = 7.20 | affected |
| SAP SE | SAP ERP (SAP_FIN) | = 7.30 | affected |
| SAP SE | SAP S/4 HANA (S4CORE) | = 1.0 | affected |
| SAP SE | SAP S/4 HANA (S4CORE) | = 1.01 | affected |
| SAP SE | SAP S/4 HANA (S4CORE) | = 1.02 | affected |
| SAP SE | SAP S/4 HANA (S4CORE) | = 1.03 | affected |
| SAP SE | SAP S/4 HANA (S4CORE) | = 1.04 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
- https://launchpad.support.sap.com/#/notes/2857511
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
- https://launchpad.support.sap.com/#/notes/2857511
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.