CVE-2020-6256

Published May 12, 2020

Last updated 3 months ago

CVSS medium 4.3

Overview

Description: SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM

CVSS 3.0

Type: Secondary
Base score: 5.4
Impact score: 2.5
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-862

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:748:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E09AA46-4347-4B6C-8BE1-B943B19ECB5F"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:749:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4222EE28-3865-4943-8F7A-2A656293FEAE"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:750:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E022455-6B42-402B-A6FB-F5E314AA1B26"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:751:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17AD00E5-3EED-433C-8341-EF3535C0A316"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:752:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "725B3570-302B-4B4E-93BD-4A99488D1B2D"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:800:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "325FE86D-E0E6-46B3-8BBB-ED93A34E17C3"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:801:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B86D04DD-5013-4769-9E62-32A1C4A7F9A4"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:802:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7895D7F0-A62E-469B-8FE6-7967D74AE202"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:803:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5AB22A-7906-40EE-A613-09C43B1B4D63"
          },
          {
            "criteria": "cpe:2.3:a:sap:master_data_governance:804:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1833975C-797D-45E1-984D-E1900553FFBA"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References