PT-2020-19031 · Sap · Sap S/4Hana

Published

2020-04-14

Updated

2020-04-15

CVE-2020-6233

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions SAP S/4 HANA (Financial Products Subledger and Banking Services) versions FSAPPL 400, 450, 500 and S4FPSL 100

Description The issue allows an authenticated user to run an analysis report due to a Missing Authorization Check, resulting in slowing the system.

Recommendations For SAP S/4 HANA (Financial Products Subledger and Banking Services) versions FSAPPL 400, 450, 500 and S4FPSL 100, consider restricting access to analysis reports to prevent unauthorized use and minimize the risk of system slowdown until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862

Related Identifiers

CVE-2020-6233

Affected Products

Sap S/4Hana

PT-2020-19031 · Sap · Sap S/4Hana

CVE-2020-6233

Weakness Enumeration

Related Identifiers

Affected Products

References · 5