PT-2020-5976 · SAP · SAP Banking Services

Published: 2020-08-11 · Updated: 2020-08-14 · CVE-2020-6298

CVSS v2.0: 8.7 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions

SAP Banking Services versions 400 through 500

Description

The issue is related to a missing authorization check in the Generic Market Data component, allowing an unauthorized user to access and modify protected Business Partner Generic Market Data and related key figure values. This could potentially lead to the disclosure and integrity compromise of sensitive information.

Recommendations

For versions 400 through 500, apply the necessary patches or updates to include authorization checks for Generic Market Data access and modifications. As a temporary workaround, consider restricting access to the Generic Market Data component until a patch is available. Restrict access to sensitive Business Partner data to minimize the risk of exploitation.

Fix

Weakness Enumeration

Missing Authorization

Related Identifiers

BDU:2021-02168
CVE-2020-6298

Affected Products

SAP Banking Services