Authorization Bypass in SAP ERP Tax Reporting Features
CVE-2020-6212
5.4MEDIUM
What is CVE-2020-6212?
Certain localized tax reporting functionalities in SAP ERP and S/4 HANA exhibit a vulnerability due to insufficient authorization checks. Specifically, the Egypt localized withholding tax reports—comprising the Clearing of Liabilities and Remittance Statements—may allow an authenticated user to access, modify, or manipulate sensitive tax report data without appropriate permissions. This oversight poses a significant risk as it undermines the integrity and confidentiality of tax-related information.
Affected Version(s)
SAP ERP < 618 < 618
SAP ERP < 730 < 730
SAP ERP < EAPPLGLO 607 < EAPPLGLO 607