CVE-2020-6268

Summary

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< EA-FINSERV 600affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 603affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 604affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 605affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 606affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 616affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 617affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 618affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 800S4CORE 101affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 102affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 103affected
SAP SESAP ERP (Statutory Reporting for Insurance Companies)< 104affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References