PT-2020-19000 · Sap · Sap S/4Hana+2

Published: 2020-03-10 · Updated: 2020-03-12 · CVE-2020-6199

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP ERP (MENA Certificate Management) EAPPGLO version 607
SAP FIN versions 618, 730
SAP S/4HANA (MENA Certificate Management) S4CORE versions 100, 101, 102, 103, 104

Description

The view FIMENAV COMPCERT does not have any authorization check, allowing an attacker without an authorization group to maintain any company certificate. This missing authorization check potentially enables unauthorized access and modifications to company certificates.

Recommendations

For SAP ERP (MENA Certificate Management) EAPPGLO version 607, consider implementing an authorization check for the FIMENAV COMPCERT view to restrict access.

For SAP FIN versions 618, 730, implement an authorization check for the FIMENAV COMPCERT view to prevent unauthorized maintenance of company certificates.

For SAP S/4HANA (MENA Certificate Management) S4CORE versions 100, 101, 102, 103, 104, restrict access to the FIMENAV COMPCERT view until an authorization check is implemented.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-6199

Affected Products

Sap Erp
Sap S/4Hana
Sap Fin