← back
CVE-2020-6268

CVE-2020-6268

CVSS 5.4 MEDIUMEPSS 0.7%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.4EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
10 Jun 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV versions - 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) does not execute the required authorization checks for an authenticated user, allowing an attacker to view and tamper with certain restricted data leading to Missing Authorization Check.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
Affected products
SAP SE · SAP ERP (Statutory Reporting for Insurance Companies)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2906996https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775