CVE-2020-6311 — MEDIUM (6.5)

Vulnerability Description

Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Bank Analyzer	500
Sap	S\/4Hana For Financial Products Subledger	100

Related Weaknesses (CWE)

CWE-285 CWE-863

References

https://launchpad.support.sap.com/#/notes/2951325Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700Vendor Advisory
https://launchpad.support.sap.com/#/notes/2951325Permissions RequiredVendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700Vendor Advisory

FAQ

What is CVE-2020-6311?

CVE-2020-6311 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenti...

How severe is CVE-2020-6311?

CVE-2020-6311 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-6311?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Bank Analyzer, Sap S\/4Hana For Financial Products Subledger.