CVE-2020-6268

🗓️ 10 Jun 2020 12:35:27Reported by sapType

Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2020-6268	10 Jun 202012:35	–	cve
EUVD	EUVD-2020-27418	7 Oct 202500:30	–	euvd
NVD	CVE-2020-6268	10 Jun 202013:15	–	nvd
OSV	CVE-2020-6268	10 Jun 202013:15	–	osv
Prion	Authorization	10 Jun 202013:15	–	prion
RedhatCVE	CVE-2020-6268	22 May 202517:03	–	redhatcve

[
  {
    "product": "SAP ERP (Statutory Reporting for Insurance Companies)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< EA-FINSERV 600"
      },
      {
        "status": "affected",
        "version": "< 603"
      },
      {
        "status": "affected",
        "version": "< 604"
      },
      {
        "status": "affected",
        "version": "< 605"
      },
      {
        "status": "affected",
        "version": "< 606"
      },
      {
        "status": "affected",
        "version": "< 616"
      },
      {
        "status": "affected",
        "version": "< 617"
      },
      {
        "status": "affected",
        "version": "< 618"
      },
      {
        "status": "affected",
        "version": "< 800S4CORE 101"
      },
      {
        "status": "affected",
        "version": "< 102"
      },
      {
        "status": "affected",
        "version": "< 103"
      },
      {
        "status": "affected",
        "version": "< 104"
      }
    ]
  }
]

Source	Link
wiki	www.wiki.scn.sap.com/wiki/pages/viewpage.action
launchpad	www.launchpad.support.sap.com/

10 Jun 2020 12:35Current

8.1High risk

Vulners AI Score8.1

CVSS 35.4

EPSS0.00675