← voltar
CVE-2020-6204

CVE-2020-6204

CVSS 4.3 MEDIUMEPSS 0.6%
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
SAP SE · SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)SAP SE · SAP Treasury and Risk Management (Transaction Management) (S4CORE)

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://launchpad.support.sap.com/#/notes/2841874https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305