PT-2020-19135 · Sap · Sap Banking Services

Published 2020-10-20 · Updated 2020-10-22 · CVE-2020-6362

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

SAP Banking Services version 500

Description

The issue arises from the use of an incorrect authorization object in some reports, which could lead to privilege escalation and violation of segregation of duties. Although the affected reports are protected with other authorization objects, exploitation of this issue could result in service interruptions and system unavailability for the victim and users of the component.

Recommendations

For SAP Banking Services version 500, consider reviewing and correcting the authorization objects used in the reports to prevent privilege escalation and ensure proper segregation of duties. As a temporary workaround, restrict access to the affected reports until the authorization objects are corrected.

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-6362

Affected Products

Sap Banking Services