CVE-2020-6214
First published: Tue Apr 14 2020(Updated: )
SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sap S\/4hana Financial Products Subledger | =100 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6214?
CVE-2020-6214 has a medium severity rating due to its potential impact on data integrity and confidentiality.
How do I fix CVE-2020-6214?
To fix CVE-2020-6214, apply the latest security patches provided by SAP for S/4HANA version 100.
What impacts does CVE-2020-6214 have on my SAP system?
CVE-2020-6214 may allow authenticated users to view, change, or delete sensitive data in financial reports.
Is CVE-2020-6214 exploitable remotely?
CVE-2020-6214 requires an authenticated user, so it is not exploitable remotely without valid credentials.
What versions of SAP are affected by CVE-2020-6214?
CVE-2020-6214 specifically affects SAP S/4HANA version 100.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/tags
- agent/event
- agent/source
- vendor/sap
- canonical/sap s\/4hana financial products subledger
- version/sap s\/4hana financial products subledger/100