CVE-2020-6316

Summary

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP ERP< 600affected
SAP SESAP ERP< 602affected
SAP SESAP ERP< 603affected
SAP SESAP ERP< 604affected
SAP SESAP ERP< 605affected
SAP SESAP ERP< 606affected
SAP SESAP ERP< 616affected
SAP SESAP ERP< 617affected
SAP SESAP ERP< 618affected
SAP SESAP S/4 HANA< 100affected
SAP SESAP S/4 HANA< 101affected
SAP SESAP S/4 HANA< 102affected
SAP SESAP S/4 HANA< 103affected
SAP SESAP S/4 HANA< 104affected

Weaknesses

  • Missing Authorization Check

ADP Enrichment

CVE Program Container

Additional References

References