← back
CVE-2020-6273

CVE-2020-6273

CVSS 4.3 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Aug 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected products
SAP SE · SAP S/4 HANA (Fiori UI for General Ledger Accounting)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2885671https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345