CVE-2020-6273
First published: Wed Aug 12 2020(Updated: )
SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP S/4HANA | =103 | |
| SAP S/4HANA | =104 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6273?
CVE-2020-6273 is considered a high-severity vulnerability due to its potential impact on data integrity and user permissions.
How do I fix CVE-2020-6273?
To resolve CVE-2020-6273, apply the appropriate security patches provided by SAP for versions 103 and 104 of the affected software.
Who is affected by CVE-2020-6273?
CVE-2020-6273 affects users of SAP S/4 HANA Fiori UI for General Ledger Accounting versions 103 and 104.
What can an attacker accomplish through CVE-2020-6273?
An attacker exploiting CVE-2020-6273 can delete attachments due to missing authorization checks, compromising the integrity of the data.
Was CVE-2020-6273 discovered independently?
CVE-2020-6273 was identified through internal security assessments conducted by SAP.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap s/4hana
- version/sap s/4hana/103
- version/sap s/4hana/104