Authorization Flaw in SAP Disclosure Management 10.1
CVE-2020-6209

7.2HIGH

Key Information:

Vendor: SAP
Status: SAP Disclosure Management
Vendor: CVE Published:; 10 March 2020

What is CVE-2020-6209?

SAP Disclosure Management version 10.1 is affected by an authorization flaw, where an authenticated user can access administration accounts without the necessary roles. This vulnerability occurs due to the lack of proper authorization checks, potentially enabling unauthorized modifications and access to sensitive data. Users should take immediate action to secure their systems against this issue and ensure that proper role assignments and authorization checks are enforced to prevent unauthorized access.

Affected Version(s)

SAP Disclosure Management < 10.1

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2858044

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 10, 2020
Vulnerability Reserved
Jan 8, 2020