CVE-2020-6316
MEDIUM
SAP ERP and S/4 HANA - Authenticated Missing Authorization in PS Reporting
Title source: llm
Description
SAP ERP and SAP S/4 HANA allow an authenticated user to see cost records for objects to which the user has no authorization in PS reporting, leading to a Missing Authorization check.
References (2)
Core References
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2944188
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
Scores
CVSS v3
4.3
EPSS
0.0015
EPSS Percentile
35.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-862
Status
published
Products (14)
sap/erp
600
sap/erp
602
sap/erp
603
sap/erp
604
sap/erp
605
sap/erp
606
sap/erp
616
sap/erp
617
sap/erp
618
sap/s/4hana
100
... and 4 more
Published
Nov 10, 2020
Tracked Since
Feb 18, 2026