CVE-2020-6204
CVE-2020-6204
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 0.6%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
10 mar 2020Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
SAP SE · SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)SAP SE · SAP Treasury and Risk Management (Transaction Management) (S4CORE)¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →