CVE-2020-6204

Summary

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 600affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 603affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 604affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 605affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 606affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 616affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 617affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 618affected
SAP SESAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)< 800affected
SAP SESAP Treasury and Risk Management (Transaction Management) (S4CORE)< 101affected
SAP SESAP Treasury and Risk Management (Transaction Management) (S4CORE)< 102affected
SAP SESAP Treasury and Risk Management (Transaction Management) (S4CORE)< 103affected
SAP SESAP Treasury and Risk Management (Transaction Management) (S4CORE)< 104affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References