CVE-2020-6270

Summary

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Banking Services)< 710affected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 711affected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 740affected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 750affected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 751affected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 752affected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 75Aaffected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 75Baffected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 75Caffected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 75Daffected
SAP SESAP NetWeaver AS ABAP (Banking Services)< 75Eaffected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References