PT-2020-19013 · Sap · Sap S/4Hana

Published

2020-04-14

Updated

2020-04-15

CVE-2020-6214

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions SAP S/4HANA (Financial Products Subledger) version 100

Description The issue arises from the use of an incorrect authorization object in some reports. Although other authorization objects protect the affected reports, exploitation could allow an authenticated attacker to view, change, or delete data. This would compromise the proper segregation of duties in the system.

Recommendations For SAP S/4HANA (Financial Products Subledger) version 100, update the authorization objects in the affected reports to ensure proper segregation of duties. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2020-6214

Affected Products

Sap S/4Hana

PT-2020-19013 · Sap · Sap S/4Hana

CVE-2020-6214

Weakness Enumeration

Related Identifiers

Affected Products

References · 5