PT-2020-1567 · Sap · Sap Leasing+1

Published: 2020-01-14 · Updated: 2020-01-24 · CVE-2020-6306

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP Leasing versions prior to 6.18
EA-APPL versions 6.0 through 6.06, 6.16, and 6.17

Description

The issue is related to a missing authorization check in a transaction within SAP Leasing. This could potentially allow a remote attacker to elevate their privileges.

Recommendations

For SAP Leasing versions prior to 6.18, update to version 6.18 or later. For EA-APPL versions 6.0 through 6.06, 6.16, and 6.17, update to a version outside of the specified range, as no specific fix is provided within the given versions. At the moment, there is no information about additional mitigation measures for these versions.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

BDU:2020-00569
CVE-2020-6306

Affected Products

Ea-Appl
Sap Leasing