Description
SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2897612
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Scores
CVSS v3
4.7
EPSS
0.0020
EPSS Percentile
41.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-863
Status
published
Products (1)
sap/s\/4hana
100
Published
Apr 14, 2020
Tracked Since
Feb 18, 2026