CVE-2020-6307
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.0 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.01 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.02 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.31 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.4 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.5 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.51 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.52 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.53 | affected |
| SAP SE | Automated Note Search Tool (SAP Basis) | < 7.54 | affected |
Weaknesses
- Missing Authorization Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771
- https://launchpad.support.sap.com/#/notes/2863397
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771
- https://launchpad.support.sap.com/#/notes/2863397
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.