8.3
CVE-2020-6298
- EPSS 0.25%
- Published 12.08.2020 14:15:14
- Last modified 21.11.2024 05:35:27
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Generic Market Data Version400
SAP ≫ Generic Market Data Version450
SAP ≫ Generic Market Data Version500
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.449 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:P/A:N
|
| cna@sap.com | 8.3 | 2.8 | 5.5 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.