CVE-2020-6204
Published Mar 10, 2020
Last updated 5 years ago
Overview
- Description
- The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
- Source
- cna@sap.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 3.0
- Type
- Secondary
- Base score
- 4.3
- Impact score
- 1.4
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-862
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):600:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7EFF8EC8-0C4E-4D93-AECF-6711B470FB54"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):603:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F10EBDE7-0EEE-42E1-A860-ECE0B606D385"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):604:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "39437BF7-3C69-43E3-8EFA-EAED49704543"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):605:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "447929D0-5FF0-44EC-99B4-A0A6F3D098AB"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):606:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5085EED2-349E-42D2-A5AE-0F307D43C774"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):616:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E4495C9D-8489-4FC1-94F6-84D203F9B388"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):617:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66AC9F3C-5CE8-4036-9970-5BF9A09C3E06"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):618:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA62E740-4F8D-4E34-8FFE-AA341963308F"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):800:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "349C577E-7966-41CE-A116-4CF9EE47D3D3"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):101:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E21EE73-34F2-4D1C-8C6F-0B0489C049F1"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):102:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6B1E8180-D2BB-423C-84BC-CA738F61C518"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):103:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "215CC44C-D4EA-4CAF-946B-5109790F6636"
},
{
"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):104:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6A389AB7-2487-4AEA-BDA3-3E8CC7BB163F"
}
],
"operator": "OR"
}
]
}
]