CVE-2020-6273
MEDIUM
SAP S/4 HANA Fiori UI for General Ledger Accounting 103, 104 - Missing Authorization Check in Attachment Service
SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.
References (2)
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2885671
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
Scores
CVSS v3
4.3
EPSS
0.0014
EPSS Percentile
33.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-862
Status
published
Products (2)
sap/s\/4_hana_fiori_ui_for_general_ledger_accounting
103
sap/s\/4_hana_fiori_ui_for_general_ledger_accounting
104
Published
Aug 12, 2020
Tracked Since
Feb 18, 2026