CVE-2020-6233

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2904796	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202	Vendor Advisory
https://launchpad.support.sap.com/#/notes/2904796	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:banking_services_from_sap:400:::::::*
	cpe:2.3:a:sap:banking_services_from_sap:450:::::::*
	cpe:2.3:a:sap:banking_services_from_sap:500:::::::*
	cpe:2.3:a:sap:s\/4hana_financial_products_subledger:100:::::::*

History

21 Nov 2024, 05:35

Type	Values Removed	Values Added
References	~~() https://launchpad.support.sap.com/#/notes/2904796 - Permissions Required, Vendor Advisory~~	() https://launchpad.support.sap.com/#/notes/2904796 - Permissions Required, Vendor Advisory
References	~~() https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 - Vendor Advisory~~	() https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 - Vendor Advisory

Information

Published : 2020-04-14 19:15

Updated : 2024-11-21 05:35

NVD link : CVE-2020-6233

Mitre link : CVE-2020-6233

CVE.ORG link : CVE-2020-6233

JSON object : View

Products Affected

sap

banking_services_from_sap
s\/4hana_financial_products_subledger

CWE

CWE-862

Missing Authorization

{"id": "CVE-2020-6233", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2020-04-14T19:15:18.063", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2904796", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2904796", "tags": ["Permissions Required", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system."}, {"lang": "es", "value": "SAP S/4 HANA (Financial Products Subledger and Banking Services), versiones - FSAPPL 400, 450, 500 y S4FPSL 100, permite a un usuario autenticado ejecutar un reporte de an\u00e1lisis debido a una Falta de Comprobaci\u00f3n de Autorizaci\u00f3n, resultando en una desaceleraci\u00f3n del sistema."}], "lastModified": "2024-11-21T05:35:21.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:banking_services_from_sap:400:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "425D48F0-8BF0-4061-A004-17F166AD8C0F"}, {"criteria": "cpe:2.3:a:sap:banking_services_from_sap:450:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7827B1E1-FD57-4053-A467-20EF90D55AD0"}, {"criteria": "cpe:2.3:a:sap:banking_services_from_sap:500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0FE3E896-BAD5-4845-99CE-3C3EB41C5219"}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_financial_products_subledger:100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1CCD228-865A-4795-A0F8-C9F175D87480"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}