CVE-2020-6204
First published: Tue Mar 10 2020(Updated: )
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap Treasury And Risk Management \(ea-finserv\) | =600 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =603 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =604 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =605 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =606 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =616 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =617 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =618 | |
| Sap Treasury And Risk Management \(ea-finserv\) | =800 | |
| Sap Treasury And Risk Management \(s4core\) | =101 | |
| Sap Treasury And Risk Management \(s4core\) | =102 | |
| Sap Treasury And Risk Management \(s4core\) | =103 | |
| Sap Treasury And Risk Management \(s4core\) | =104 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-6204.
What software versions are affected by this vulnerability?
The affected software versions are SAP Treasury and Risk Management (Transaction Management) versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104.
What is the severity of CVE-2020-6204?
The severity of CVE-2020-6204 is medium (4.3).
What is the impact of this vulnerability?
The vulnerability allows the selection query to return more records than it should, leading to missing authorization checks.
Are there any patches or fixes available for this vulnerability?
Yes, patches and fixes are available. Please refer to the official SAP support page and wiki for more information.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap treasury and risk management \(ea-finserv\)
- version/sap treasury and risk management \(ea-finserv\)/600
- version/sap treasury and risk management \(ea-finserv\)/603
- version/sap treasury and risk management \(ea-finserv\)/604
- version/sap treasury and risk management \(ea-finserv\)/605
- version/sap treasury and risk management \(ea-finserv\)/606
- version/sap treasury and risk management \(ea-finserv\)/616
- version/sap treasury and risk management \(ea-finserv\)/617
- version/sap treasury and risk management \(ea-finserv\)/618
- version/sap treasury and risk management \(ea-finserv\)/800
- canonical/sap treasury and risk management \(s4core\)
- version/sap treasury and risk management \(s4core\)/101
- version/sap treasury and risk management \(s4core\)/102
- version/sap treasury and risk management \(s4core\)/103
- version/sap treasury and risk management \(s4core\)/104