Missing Authorization Check in SAP Master Data Governance
CVE-2020-6256

5.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Master Data Governance
Vendor: CVE Published:; 12 May 2020

Summary

The vulnerability in SAP Master Data Governance allows unauthorized users to access sensitive change request details. This is due to a missing authorization check, which potentially exposes critical data and enables improper access management within the system. Organizations using versions 748 through 804 should review their security configurations to mitigate the risk associated with this vulnerability.

Affected Version(s)

SAP Master Data Governance < 748 < 748

SAP Master Data Governance < 749 < 749

SAP Master Data Governance < 750 < 750

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2912747

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 12, 2020
Vulnerability Reserved
Jan 8, 2020