Authorization Flaw in SAP S/4 HANA affecting Fiori UI for General Ledger Accounting
CVE-2020-6273
4.3MEDIUM
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 August 2020
What is CVE-2020-6273?
The Fiori UI for General Ledger Accounting in SAP S/4 HANA versions 103 and 104 is vulnerable due to inadequate authorization checks on the attachment service. Authenticated users can exploit this oversight to delete attachments without proper authorization, leading to potential data loss and integrity issues.
Affected Version(s)
SAP S/4 HANA (Fiori UI for General Ledger Accounting) < 103 < 103
SAP S/4 HANA (Fiori UI for General Ledger Accounting) < 104 < 104