Missing Authorization Check in SAP ERP and SAP S/4HANA Product
CVE-2020-6199
5.4MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 10 March 2020
What is CVE-2020-6199?
In certain versions of SAP ERP and SAP S/4HANA, a vulnerability exists where the view FIMENAV_COMPCERT lacks an essential authorization check. This flaw allows an attacker with no authorization group to manage any company certificate, potentially leading to unauthorized manipulation of sensitive information. The affected products include multiple versions of SAP ERP and SAP S/4HANA, which require immediate action to mitigate the risk.
Affected Version(s)
SAP ERP (EAPPGLO) < 607
SAP ERP (SAP_FIN) < 618 < 618
SAP ERP (SAP_FIN) < 730 < 730