{"containers": {"cna": {"affected": [{"product": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 600"}, {"status": "affected", "version": "< 603"}, {"status": "affected", "version": "< 604"}, {"status": "affected", "version": "< 605"}, {"status": "affected", "version": "< 606"}, {"status": "affected", "version": "< 616"}, {"status": "affected", "version": "< 617"}, {"status": "affected", "version": "< 618"}, {"status": "affected", "version": "< 800"}]}, {"product": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 101"}, {"status": "affected", "version": "< 102"}, {"status": "affected", "version": "< 103"}, {"status": "affected", "version": "< 104"}]}], "descriptions": [{"lang": "en", "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Missing Authorization Check", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-03-10T20:20:12", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2841874"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6204", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)", "version": {"version_data": [{"version_name": "<", "version_value": "600"}, {"version_name": "<", "version_value": "603"}, {"version_name": "<", "version_value": "604"}, {"version_name": "<", "version_value": "605"}, {"version_name": "<", "version_value": "606"}, {"version_name": "<", "version_value": "616"}, {"version_name": "<", "version_value": "617"}, {"version_name": "<", "version_value": "618"}, {"version_name": "<", "version_value": "800"}]}}, {"product_name": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)", "version": {"version_data": [{"version_name": "<", "version_value": "101"}, {"version_name": "<", "version_value": "102"}, {"version_name": "<", "version_value": "103"}, {"version_name": "<", "version_value": "104"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."}]}, "impact": {"cvss": {"baseScore": "4.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing Authorization Check"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"}, {"name": "https://launchpad.support.sap.com/#/notes/2841874", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2841874"}]}}}}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6204", "datePublished": "2020-03-10T20:20:12", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2020-03-10T20:20:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):600:*:*:*:*:*:*:*", "matchCriteriaId": "7EFF8EC8-0C4E-4D93-AECF-6711B470FB54", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):603:*:*:*:*:*:*:*", "matchCriteriaId": "F10EBDE7-0EEE-42E1-A860-ECE0B606D385", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):604:*:*:*:*:*:*:*", "matchCriteriaId": "39437BF7-3C69-43E3-8EFA-EAED49704543", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):605:*:*:*:*:*:*:*", "matchCriteriaId": "447929D0-5FF0-44EC-99B4-A0A6F3D098AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):606:*:*:*:*:*:*:*", "matchCriteriaId": "5085EED2-349E-42D2-A5AE-0F307D43C774", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):616:*:*:*:*:*:*:*", "matchCriteriaId": "E4495C9D-8489-4FC1-94F6-84D203F9B388", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):617:*:*:*:*:*:*:*", "matchCriteriaId": "66AC9F3C-5CE8-4036-9970-5BF9A09C3E06", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):618:*:*:*:*:*:*:*", "matchCriteriaId": "AA62E740-4F8D-4E34-8FFE-AA341963308F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):800:*:*:*:*:*:*:*", "matchCriteriaId": "349C577E-7966-41CE-A116-4CF9EE47D3D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):101:*:*:*:*:*:*:*", "matchCriteriaId": "6E21EE73-34F2-4D1C-8C6F-0B0489C049F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):102:*:*:*:*:*:*:*", "matchCriteriaId": "6B1E8180-D2BB-423C-84BC-CA738F61C518", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):103:*:*:*:*:*:*:*", "matchCriteriaId": "215CC44C-D4EA-4CAF-946B-5109790F6636", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):104:*:*:*:*:*:*:*", "matchCriteriaId": "6A389AB7-2487-4AEA-BDA3-3E8CC7BB163F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."}, {"lang": "es", "value": "La consulta de selecci\u00f3n en SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versiones 600, 603, 604, 605, 606, 616, 617, 618, 800 y S4CORE versiones 101, 102, 103, 104), devuelve m\u00e1s registros de los que deber\u00edan ser cuando selecciona y despliega el n\u00famero de contrato, conllevando a una Falta de Comprobaci\u00f3n de Autorizaci\u00f3n."}], "id": "CVE-2020-6204", "lastModified": "2020-03-12T16:15:40.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-10T21:15:14.527", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/2841874"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}