PT-2020-5153 · SAP · SAP ERP
Published 2020-08-12 · Updated 2020-08-13 · CVE-2020-6301
CVSS v3.1: 8.1 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
SAP ERP (HCM Travel Management) versions 600 through 608
Description
The vulnerability is a missing authorization check in the HCM Travel Management component of SAP ERP: an authenticated user who is not authorized for trip management can nevertheless read, modify, and settle trips. Because the affected functions are reachable over the network, a remote attacker with valid credentials can use the flaw to escalate their privileges.
Recommendations
For SAP ERP (HCM Travel Management) versions 600 through 608, add authorization checks that restrict access to sensitive functions such as trip management until a formal fix is available. As a temporary workaround, restrict access to the travel management module to the users who need it, to minimize the risk of exploitation.
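As an added illustration (not SAP's code and not part of the advisory), this is the kind of check the recommendation refers to: an RFC-callable ABAP function module that settles a trip and verifies the caller's authorization before touching any data. The authorization object Z_TRIP, its ACTVT value '80', and the trip table ZTRIPS are assumed names for the example.

```abap
" Added example, not SAP's own code. Deleting the AUTHORITY-CHECK block below
" reproduces the class of flaw described in the advisory: any authenticated
" caller who can reach the module could then settle any trip.
" Z_TRIP (authorization object), ACTVT value '80' and table ZTRIPS are assumed.

FUNCTION z_trip_settle.
*"----------------------------------------------------------------------
*"*"Local Interface:
*"  IMPORTING
*"     VALUE(iv_pernr) TYPE pernr_d    " personnel number owning the trip
*"     VALUE(iv_reinr) TYPE reinr      " trip number
*"  EXCEPTIONS
*"     not_authorized
*"----------------------------------------------------------------------
  DATA ls_trip TYPE ztrips.            " hypothetical trip header row

  " 1. Read the trip header so the check can use the trip's stored
  "    attributes (personnel area) rather than caller-supplied values.
  SELECT SINGLE * FROM ztrips INTO ls_trip
    WHERE pernr = iv_pernr AND reinr = iv_reinr.
  IF sy-subrc <> 0.
    " Same exception as the authorization failure, so a caller cannot use
    " the error to enumerate which trip numbers exist.
    RAISE not_authorized.
  ENDIF.

  " 2. Authorization check: the caller needs the assumed activity '80'
  "    (settle) on the trip's personnel area. Being authenticated is not
  "    enough; sy-subrc is 0 only if the user's profile satisfies every ID.
  AUTHORITY-CHECK OBJECT 'Z_TRIP'
    ID 'ACTVT' FIELD '80'
    ID 'PERSA' FIELD ls_trip-persa.
  IF sy-subrc <> 0.
    RAISE not_authorized.
  ENDIF.

  " 3. Only now perform the privileged action.
  UPDATE ztrips SET status = 'SETTLED'
    WHERE pernr = iv_pernr AND reinr = iv_reinr.
ENDFUNCTION.
```

The same pattern applies to the read and modify paths: every RFC- or UI-reachable entry point performs its own check, rather than relying on a check in the calling screen.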
Fix
Missing Authorization
XSS
Related Identifiers
Affected Products: SAP ERP