Missing Authorization Check in SAP ERP and SAP S/4 HANA
CVE-2020-6316
4.3MEDIUM
What is CVE-2020-6316?
An issue exists within SAP ERP and SAP S/4 HANA that allows an authenticated user to access cost records associated with objects for which they lack proper authorization in Project Systems (PS) reporting. This vulnerability could lead to unauthorized exposure of sensitive financial information, compromising data privacy and integrity for organizations that rely on these systems.
Affected Version(s)
SAP ERP < 600 < 600
SAP ERP < 602 < 602
SAP ERP < 603 < 603