CVE-2020-6199

MEDIUM

SAP ERP <618 - SAP FIN <730, S4HANA <105 - Missing Authorization Check

Title source: llm

Description

The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

Permissions Required x_refsource_misc

https://launchpad.support.sap.com/#/notes/2871167

Scores

CVSS v3 5.4

EPSS 0.0012

EPSS Percentile 29.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-862

Status published

Products (1)

sap/erp 607

Published Mar 10, 2020

Tracked Since Feb 18, 2026