CVE-2020-6188
Severity Score
8.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
Los reportes de VAT Pro-Rata en SAP ERP (SAP_APPL versiones 600, 602, 603, 604, 605, 606, 616 y SAP_FIN versiones 617, 618, 700, 720, 730) y SAP S/4 HANA (versiones 100, 101, 102 , 103, 104), no realizan las comprobaciones de autorización necesarias para un usuario autenticado, conllevando a una Falta de Comprobación de Autorización.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2020-01-08 CVE Reserved
- 2020-02-12 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 | 2020-02-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Erp Search vendor "Sap" for product "Erp" | 6.0 Search vendor "Sap" for product "Erp" and version "6.0" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 1511 Search vendor "Sap" for product "S\/4 Hana" and version "1511" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 1610 Search vendor "Sap" for product "S\/4 Hana" and version "1610" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 1709 Search vendor "Sap" for product "S\/4 Hana" and version "1709" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 1809 Search vendor "Sap" for product "S\/4 Hana" and version "1809" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | S\/4 Hana Search vendor "Sap" for product "S\/4 Hana" | 1909 Search vendor "Sap" for product "S\/4 Hana" and version "1909" | - |
Affected
| ||||||