PT-2020-19005 · Sap · S4Core+1
Published
2020-03-10
·
Updated
2020-03-12
·
CVE-2020-6204
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP Treasury and Risk Management (Transaction Management) versions 600, 603, 604, 605, 606, 616, 617, 618, 800
S4CORE versions 101, 102, 103, 104
Description
The issue is related to a Missing Authorization Check in the selection query of SAP Treasury and Risk Management (Transaction Management). This results in the query returning more records than it should when selecting and displaying the contract number.
Recommendations
For SAP Treasury and Risk Management (Transaction Management) versions 600, 603, 604, 605, 606, 616, 617, 618, 800, apply the necessary patch or fix to address the Missing Authorization Check issue.
For S4CORE versions 101, 102, 103, 104, apply the necessary patch or fix to address the Missing Authorization Check issue.
As a temporary workaround, consider restricting access to the selection query functionality in SAP Treasury and Risk Management (Transaction Management) until a patch is available.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
S4Core
Sap Treasury/Risk Management