MEDIUM · 4.3

CVE-2020-6204

Vulnerability Description

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should when selecting and displaying the contract number, leading to Missing Authorization Check.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Sap | Treasury And Risk Management (Ea-Finserv) | 600
Sap | Treasury And Risk Management (S4Core) | 101

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-6204?

CVE-2020-6204 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more r...

How severe is CVE-2020-6204?

CVE-2020-6204 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.

Is there a patch for CVE-2020-6204?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Treasury And Risk Management (Ea-Finserv), Sap Treasury And Risk Management (S4Core).