The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2841874 | Permissions Required |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2020-03-10T20:20:12
Updated: 2020-03-10T20:20:12
Reserved: 2020-01-08T00:00:00
Link: CVE-2020-6204
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-03-10T21:15:14.527
Modified: 2020-03-12T16:15:40.160
Link: CVE-2020-6204
JSON object: View
Redhat Information
No data.
CWE