CVE-2020-6233 — MEDIUM (4.3)

Vulnerability Description

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Sap	Banking Services From Sap	400
Sap	S\/4Hana Financial Products Subledger	100

Related Weaknesses (CWE)

CWE-862

References

https://launchpad.support.sap.com/#/notes/2904796Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202Vendor Advisory
https://launchpad.support.sap.com/#/notes/2904796Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202Vendor Advisory

FAQ

What is CVE-2020-6233?

CVE-2020-6233 is a vulnerability with a CVSS score of 4.3 (MEDIUM). SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Ch...

How severe is CVE-2020-6233?

CVE-2020-6233 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-6233?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Banking Services From Sap, Sap S\/4Hana Financial Products Subledger.