Authorization Bypass Vulnerability in SAP ERP HCM Travel Management
CVE-2020-6301
5.4 MEDIUM
Summary
SAP ERP HCM Travel Management versions 600 through 608 are susceptible to an authorization bypass due to a missing authorization check. This vulnerability allows an authenticated but unauthorized attacker to read, modify, and settle trips within the application, leading to potential privilege escalation.
Affected Version(s)
SAP ERP (HCM Travel Management) < 600
SAP ERP (HCM Travel Management) < 602
SAP ERP (HCM Travel Management) < 603
CVSS V3.1
Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved