← back
CVE-2020-6204

CVE-2020-6204

CVSS 4.3 MEDIUMEPSS 0.6%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Mar 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
SAP SE · SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)SAP SE · SAP Treasury and Risk Management (Transaction Management) (S4CORE)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2841874https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305