CVE-2020-6362
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP Banking Services version 500, use an incorrect authorization object in some of its reports. Although the affected reports are protected with otherauthorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component.
SAP Banking Services versión 500, usa un objeto de autorización incorrecto en algunos de sus reportes. Aunque los reportes afectados están protegidos con otros objetos de autorización, la explotación de la vulnerabilidad podría conducir a una escalada de privilegios y una violación en la segregación de funciones, lo que a su vez podría conllevar a interrupciones del servicio y una falta de disponibilidad del sistema para la víctima y los usuarios del componente
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-08 CVE Reserved
- 2020-10-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-863: Incorrect Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 | 2020-10-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Banking Services Search vendor "Sap" for product "Banking Services" | 500 Search vendor "Sap" for product "Banking Services" and version "500" | - |
Affected
| ||||||