CVE-2020-6273

4.3MEDIUM

Key Information:

Vendor: SAP
Status: SAP S/4 Hana (fiori Ui For General Ledger Accounting)
Vendor: CVE Published:; 12 August 2020

Summary

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.

Affected Version(s)

SAP S/4 HANA (Fiori UI for General Ledger Accounting) < 103 < 103

SAP S/4 HANA (Fiori UI for General Ledger Accounting) < 104 < 104

References

https://launchpad.support.sap.com/#/notes/2885671

x_refsource_MISC

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 12, 2020
Vulnerability Reserved
Jan 8, 2020