PT-2020-1566 · Sap · Sap Basis

Published

2020-01-14

Updated

2021-07-21

CVE-2020-6307

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions SAP Basis versions 7.0 through 7.54

Description The issue is related to the Automated Note Search Tool component of the SAP Basis platform, which lacks protection for internal data. This can allow a remote attacker to gain unauthorized access to protected information. The problem arises because the Automated Note Search Tool does not perform sufficient authorization checks, leading to the potential reading of sensitive information.

Recommendations For SAP Basis versions 7.0 through 7.54, update to a version that includes the provided update for the Automated Note Search Tool to ensure sufficient authorization checks are in place.

Fix

Incorrect Authorization

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-200

Related Identifiers

BDU:2020-00568

CVE-2020-6307

Affected Products

Sap Basis

PT-2020-1566 · Sap · Sap Basis

CVE-2020-6307

Weakness Enumeration

Related Identifiers

Affected Products

References · 5