First published: Tue Nov 10 2020
SAP ERP and SAP S/4 HANA allow an authenticated user to see cost records for objects for which they have no authorization in PS reporting, due to a missing authorization check.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP ERP | =600 | |
SAP ERP | =602 | |
SAP ERP | =603 | |
SAP ERP | =604 | |
SAP ERP | =605 | |
SAP ERP | =606 | |
SAP ERP | =616 | |
SAP ERP | =617 | |
SAP ERP | =618 | |
SAP S/4 HANA | =100 | |
SAP S/4 HANA | =101 | |
SAP S/4 HANA | =102 | |
SAP S/4 HANA | =103 | |
SAP S/4 HANA | =104 | |
CVE-2020-6316 is rated as a medium severity vulnerability.
To fix CVE-2020-6316, apply the latest SAP patches that address this missing authorization check in PS reporting.
CVE-2020-6316 affects various versions of SAP ERP and SAP S/4 HANA, including versions 600 through 618 and 100 through 104.
An authenticated attacker can view cost records for objects without having the appropriate authorization due to the missing authorization check.
Yes, CVE-2020-6316 has been identified as a known issue in specific SAP ERP and SAP S/4 HANA versions that require urgent attention.