Lucene search

SapCVELIST:CVE-2020-6258

HistoryMay 12, 2020 - 5:57 p.m.

CVE-2020-6258

2020-05-1217:57:25

sap

www.cve.org

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.

CNA Affected

[
  {
    "product": "SAP Identity Management",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 8.0"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2915429

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.4%

JSON

Related for CVELIST:CVE-2020-6258