4

CVE-2020-6306

Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAPLeasing Version6.0
SAPLeasing Version6.02
SAPLeasing Version6.03
SAPLeasing Version6.04
SAPLeasing Version6.05
SAPLeasing Version6.06
SAPLeasing Version6.16
SAPLeasing Version6.17
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.6% 0.438
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.7 1.2 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
cna@sap.com 2.7 1.2 1.4
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771
Vendor Advisory
https://launchpad.support.sap.com/#/notes/2865348
Permissions Required