CVE-2020-6268
First published: Wed Jun 10 2020(Updated: )
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP ERP (EA-Finserv) | =600 | |
| SAP ERP (EA-Finserv) | =603 | |
| SAP ERP (EA-Finserv) | =604 | |
| SAP ERP (EA-Finserv) | =605 | |
| SAP ERP (EA-Finserv) | =606 | |
| SAP ERP (EA-Finserv) | =616 | |
| SAP ERP (EA-Finserv) | =617 | |
| SAP ERP (EA-Finserv) | =618 | |
| SAP ERP (EA-Finserv) | =800 | |
| SAP S/4HANA | =101 | |
| SAP S/4HANA | =102 | |
| SAP S/4HANA | =103 | |
| SAP S/4HANA | =104 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6268?
CVE-2020-6268 has a high severity rating due to the lack of proper authorization checks, allowing unauthorized access to sensitive information.
How do I fix CVE-2020-6268?
To fix CVE-2020-6268, apply the latest security patch provided by SAP for the affected EA-FINSERV and S4CORE versions.
What kind of data can be accessed due to CVE-2020-6268?
CVE-2020-6268 allows an attacker to view and tamper with restricted financial reporting data.
Which versions are affected by CVE-2020-6268?
CVE-2020-6268 affects EA-FINSERV versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104.
How can I determine if my SAP system is vulnerable to CVE-2020-6268?
You can determine if your SAP system is vulnerable to CVE-2020-6268 by checking the installed versions against the known affected versions.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap erp (ea-finserv)
- version/sap erp (ea-finserv)/600
- version/sap erp (ea-finserv)/603
- version/sap erp (ea-finserv)/604
- version/sap erp (ea-finserv)/605
- version/sap erp (ea-finserv)/606
- version/sap erp (ea-finserv)/616
- version/sap erp (ea-finserv)/617
- version/sap erp (ea-finserv)/618
- version/sap erp (ea-finserv)/800
- canonical/sap s/4hana
- version/sap s/4hana/101
- version/sap s/4hana/102
- version/sap s/4hana/103
- version/sap s/4hana/104