CVE-2020-6268

Published: 10 Jun 2020
Source: nvd
CVSS3: 5.4
CVSS3: 8.1
CVSS2: 5.5
EPSS: Low

Description

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:sap:erp_\(ea-finserv\):600:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):603:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):604:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):605:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):606:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):616:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):617:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):618:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(ea-finserv\):800:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(s4core\):101:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(s4core\):102:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(s4core\):103:*:*:*:*:*:*:*
cpe:2.3:a:sap:erp_\(s4core\):104:*:*:*:*:*:*:*

EPSS

Percentile: 38%
0.00166
Low

5.4 Medium

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Weaknesses

CWE-862

Related vulnerabilities

github
more than 3 years ago

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.
