PT-2020-19085 · Sap · Sap 9.0+1
Published: 2020-09-09 · Updated: 2023-01-30
CVE-2020-6311
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SAP 9.0 (Bank Analyzer) version 500
SAP S/4HANA for financial products subledger version 100
Description
The issue arises from improper authorization checks for authenticated users, potentially leading to privilege escalation and exposure of restricted banking data. This could cause system administrators to create incorrect authorization proposals.
Recommendations
For SAP 9.0 (Bank Analyzer) version 500, update to a version that correctly performs authorization checks to prevent privilege escalation.
For SAP S/4HANA for financial products subledger version 100, ensure proper authorization checks are in place to mitigate the risk of exposing restricted banking data.
Fix
Incorrect Authorization
Improper Authorization
Related Identifiers
Affected Products
Sap 9.0
Sap S/4Hana Financial Products Subledger