PT-2020-18991 · Sap · Sap Fin+2

Published

2020-02-12

Updated

2020-02-19

CVE-2020-6188

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP APPL versions 600 through 606, 616 SAP FIN versions 617 through 618, 700, 720, 730 SAP S/4 HANA versions 100 through 104

Description The issue is related to Missing Authorization Check in VAT Pro-Rata reports. This occurs because the reports do not perform necessary authorization checks for an authenticated user.

Recommendations For SAP APPL versions 600 through 606, 616, update to a version that includes the necessary authorization checks. For SAP FIN versions 617 through 618, 700, 720, 730, update to a version that includes the necessary authorization checks. For SAP S/4 HANA versions 100 through 104, update to a version that includes the necessary authorization checks.

Fix

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2020-6188

Affected Products

Sap S/4Hana

Sap Appl

Sap Fin

PT-2020-18991 · Sap · Sap Fin+2

CVE-2020-6188

Weakness Enumeration

Related Identifiers

Affected Products

References · 5