Search
Find a vulnerability
Search criteria
4 vulnerabilities found for SAP ERP (SAP_FIN) by SAP SE
CVE-2020-6199 (GCVE-0-2020-6199)
Vulnerability from nvd – Published: 2020-03-10 20:18 – Updated: 2024-08-04 08:55
VLAI
Summary
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.
Severity
5.4 (Medium)
CWE
- Missing Authorization Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2871167 | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP ERP (EAPPGLO) |
Affected:
< 607
|
|
| SAP SE | SAP ERP (SAP_FIN) |
Affected:
< 618
Affected: < 730 |
|
| SAP SE | SAP S/4HANA (S4CORE) |
Affected:
< 100
Affected: < 101 Affected: < 102 Affected: < 103 Affected: < 104 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2871167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ERP (EAPPGLO)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 607"
}
]
},
{
"product": "SAP ERP (SAP_FIN)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 618"
},
{
"status": "affected",
"version": "\u003c 730"
}
]
},
{
"product": "SAP S/4HANA (S4CORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 100"
},
{
"status": "affected",
"version": "\u003c 101"
},
{
"status": "affected",
"version": "\u003c 102"
},
{
"status": "affected",
"version": "\u003c 103"
},
{
"status": "affected",
"version": "\u003c 104"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorization Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T20:18:38.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2871167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP (EAPPGLO)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "607"
}
]
}
},
{
"product_name": "SAP ERP (SAP_FIN)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "618"
},
{
"version_name": "\u003c",
"version_value": "730"
}
]
}
},
{
"product_name": "SAP S/4HANA (S4CORE)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "100"
},
{
"version_name": "\u003c",
"version_value": "101"
},
{
"version_name": "\u003c",
"version_value": "102"
},
{
"version_name": "\u003c",
"version_value": "103"
},
{
"version_name": "\u003c",
"version_value": "104"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2871167",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2871167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6199",
"datePublished": "2020-03-10T20:18:38.000Z",
"dateReserved": "2020-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:55:22.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6188 (GCVE-0-2020-6188)
Vulnerability from nvd – Published: 2020-02-12 19:46 – Updated: 2024-08-04 08:55
VLAI
Summary
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
Severity
6.3 (Medium)
CWE
- Missing Authorization Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2857511 | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP ERP (SAP_APPL) |
Affected:
= 6.0
Affected: = 6.02 Affected: = 6.03 Affected: = 6.04 Affected: = 6.05 Affected: = 6.06 Affected: = 6.16 |
|
| SAP SE | SAP ERP (SAP_FIN) |
Affected:
= 6.17
Affected: = 6.18 Affected: = 7.0 Affected: = 7.20 Affected: = 7.30 |
|
| SAP SE | SAP S/4 HANA (S4CORE) |
Affected:
= 1.0
Affected: = 1.01 Affected: = 1.02 Affected: = 1.03 Affected: = 1.04 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2857511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ERP (SAP_APPL)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "= 6.0"
},
{
"status": "affected",
"version": "= 6.02"
},
{
"status": "affected",
"version": "= 6.03"
},
{
"status": "affected",
"version": "= 6.04"
},
{
"status": "affected",
"version": "= 6.05"
},
{
"status": "affected",
"version": "= 6.06"
},
{
"status": "affected",
"version": "= 6.16"
}
]
},
{
"product": "SAP ERP (SAP_FIN)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "= 6.17"
},
{
"status": "affected",
"version": "= 6.18"
},
{
"status": "affected",
"version": "= 7.0"
},
{
"status": "affected",
"version": "= 7.20"
},
{
"status": "affected",
"version": "= 7.30"
}
]
},
{
"product": "SAP S/4 HANA (S4CORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "= 1.0"
},
{
"status": "affected",
"version": "= 1.01"
},
{
"status": "affected",
"version": "= 1.02"
},
{
"status": "affected",
"version": "= 1.03"
},
{
"status": "affected",
"version": "= 1.04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorization Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T19:46:09.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2857511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP (SAP_APPL)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "6.0"
},
{
"version_name": "=",
"version_value": "6.02"
},
{
"version_name": "=",
"version_value": "6.03"
},
{
"version_name": "=",
"version_value": "6.04"
},
{
"version_name": "=",
"version_value": "6.05"
},
{
"version_name": "=",
"version_value": "6.06"
},
{
"version_name": "=",
"version_value": "6.16"
}
]
}
},
{
"product_name": "SAP ERP (SAP_FIN)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "6.17"
},
{
"version_name": "=",
"version_value": "6.18"
},
{
"version_name": "=",
"version_value": "7.0"
},
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.30"
}
]
}
},
{
"product_name": "SAP S/4 HANA (S4CORE)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "1.0"
},
{
"version_name": "=",
"version_value": "1.01"
},
{
"version_name": "=",
"version_value": "1.02"
},
{
"version_name": "=",
"version_value": "1.03"
},
{
"version_name": "=",
"version_value": "1.04"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2857511",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2857511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6188",
"datePublished": "2020-02-12T19:46:09.000Z",
"dateReserved": "2020-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:55:22.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6199 (GCVE-0-2020-6199)
Vulnerability from cvelistv5 – Published: 2020-03-10 20:18 – Updated: 2024-08-04 08:55
VLAI
Summary
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.
Severity
5.4 (Medium)
CWE
- Missing Authorization Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2871167 | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP ERP (EAPPGLO) |
Affected:
< 607
|
|
| SAP SE | SAP ERP (SAP_FIN) |
Affected:
< 618
Affected: < 730 |
|
| SAP SE | SAP S/4HANA (S4CORE) |
Affected:
< 100
Affected: < 101 Affected: < 102 Affected: < 103 Affected: < 104 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.062Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2871167"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ERP (EAPPGLO)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 607"
}
]
},
{
"product": "SAP ERP (SAP_FIN)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 618"
},
{
"status": "affected",
"version": "\u003c 730"
}
]
},
{
"product": "SAP S/4HANA (S4CORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "\u003c 100"
},
{
"status": "affected",
"version": "\u003c 101"
},
{
"status": "affected",
"version": "\u003c 102"
},
{
"status": "affected",
"version": "\u003c 103"
},
{
"status": "affected",
"version": "\u003c 104"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorization Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-10T20:18:38.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2871167"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP (EAPPGLO)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "607"
}
]
}
},
{
"product_name": "SAP ERP (SAP_FIN)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "618"
},
{
"version_name": "\u003c",
"version_value": "730"
}
]
}
},
{
"product_name": "SAP S/4HANA (S4CORE)",
"version": {
"version_data": [
{
"version_name": "\u003c",
"version_value": "100"
},
{
"version_name": "\u003c",
"version_value": "101"
},
{
"version_name": "\u003c",
"version_value": "102"
},
{
"version_name": "\u003c",
"version_value": "103"
},
{
"version_name": "\u003c",
"version_value": "104"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2871167",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2871167"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6199",
"datePublished": "2020-03-10T20:18:38.000Z",
"dateReserved": "2020-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:55:22.062Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6188 (GCVE-0-2020-6188)
Vulnerability from cvelistv5 – Published: 2020-02-12 19:46 – Updated: 2024-08-04 08:55
VLAI
Summary
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
Severity
6.3 (Medium)
CWE
- Missing Authorization Check
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.acti… | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2857511 | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| SAP SE | SAP ERP (SAP_APPL) |
Affected:
= 6.0
Affected: = 6.02 Affected: = 6.03 Affected: = 6.04 Affected: = 6.05 Affected: = 6.06 Affected: = 6.16 |
|
| SAP SE | SAP ERP (SAP_FIN) |
Affected:
= 6.17
Affected: = 6.18 Affected: = 7.0 Affected: = 7.20 Affected: = 7.30 |
|
| SAP SE | SAP S/4 HANA (S4CORE) |
Affected:
= 1.0
Affected: = 1.01 Affected: = 1.02 Affected: = 1.03 Affected: = 1.04 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:55:22.007Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/2857511"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SAP ERP (SAP_APPL)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "= 6.0"
},
{
"status": "affected",
"version": "= 6.02"
},
{
"status": "affected",
"version": "= 6.03"
},
{
"status": "affected",
"version": "= 6.04"
},
{
"status": "affected",
"version": "= 6.05"
},
{
"status": "affected",
"version": "= 6.06"
},
{
"status": "affected",
"version": "= 6.16"
}
]
},
{
"product": "SAP ERP (SAP_FIN)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "= 6.17"
},
{
"status": "affected",
"version": "= 6.18"
},
{
"status": "affected",
"version": "= 7.0"
},
{
"status": "affected",
"version": "= 7.20"
},
{
"status": "affected",
"version": "= 7.30"
}
]
},
{
"product": "SAP S/4 HANA (S4CORE)",
"vendor": "SAP SE",
"versions": [
{
"status": "affected",
"version": "= 1.0"
},
{
"status": "affected",
"version": "= 1.01"
},
{
"status": "affected",
"version": "= 1.02"
},
{
"status": "affected",
"version": "= 1.03"
},
{
"status": "affected",
"version": "= 1.04"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing Authorization Check",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-12T19:46:09.000Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://launchpad.support.sap.com/#/notes/2857511"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2020-6188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP ERP (SAP_APPL)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "6.0"
},
{
"version_name": "=",
"version_value": "6.02"
},
{
"version_name": "=",
"version_value": "6.03"
},
{
"version_name": "=",
"version_value": "6.04"
},
{
"version_name": "=",
"version_value": "6.05"
},
{
"version_name": "=",
"version_value": "6.06"
},
{
"version_name": "=",
"version_value": "6.16"
}
]
}
},
{
"product_name": "SAP ERP (SAP_FIN)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "6.17"
},
{
"version_name": "=",
"version_value": "6.18"
},
{
"version_name": "=",
"version_value": "7.0"
},
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.30"
}
]
}
},
{
"product_name": "SAP S/4 HANA (S4CORE)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "1.0"
},
{
"version_name": "=",
"version_value": "1.01"
},
{
"version_name": "=",
"version_value": "1.02"
},
{
"version_name": "=",
"version_value": "1.03"
},
{
"version_name": "=",
"version_value": "1.04"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2857511",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2857511"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2020-6188",
"datePublished": "2020-02-12T19:46:09.000Z",
"dateReserved": "2020-01-08T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:55:22.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}