CVE-2020-6256
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Summary
SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Master Data Governance | < 748 | affected |
| SAP SE | SAP Master Data Governance | < 749 | affected |
| SAP SE | SAP Master Data Governance | < 750 | affected |
| SAP SE | SAP Master Data Governance | < 751 | affected |
| SAP SE | SAP Master Data Governance | < 752 | affected |
| SAP SE | SAP Master Data Governance | < 800 | affected |
| SAP SE | SAP Master Data Governance | < 801 | affected |
| SAP SE | SAP Master Data Governance | < 802 | affected |
| SAP SE | SAP Master Data Governance | < 803 | affected |
| SAP SE | SAP Master Data Governance | < 804 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2912747
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2912747
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.