Authorization Flaw in SAP S/4HANA Financial Products Subledger
CVE-2020-6214

4.7MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4hana (financial Products Subledger)
Vendor: CVE Published:; 14 April 2020

Summary

The vulnerability in SAP S/4HANA Financial Products Subledger arises from an incorrect authorization object utilized in certain reports. While other authorization objects may offer some level of protection, the exploitation of this flaw could allow an authenticated user to access, modify, or delete sensitive data. This compromises the essential segregation of duties within the system, leading to significant security concerns for organizations relying on this software.

Affected Version(s)

SAP S/4HANA (Financial Products Subledger) < 100

References

https://launchpad.support.sap.com/#/notes/2897612

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 14, 2020
Vulnerability Reserved
Jan 8, 2020