CVE-2020-6268
5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Summary
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < EA-FINSERV 600 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 603 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 604 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 605 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 606 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 616 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 617 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 618 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 800S4CORE 101 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 102 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 103 | affected |
| SAP SE | SAP ERP (Statutory Reporting for Insurance Companies) | < 104 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
- https://launchpad.support.sap.com/#/notes/2906996
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
- https://launchpad.support.sap.com/#/notes/2906996
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.