CVE-2020-6307

Summary

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

Affected Software

VendorProductVersion RangeStatus
SAP SEAutomated Note Search Tool (SAP Basis)< 7.0affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.01affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.02affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.31affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.4affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.5affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.51affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.52affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.53affected
SAP SEAutomated Note Search Tool (SAP Basis)< 7.54affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References