SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2897612 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2020-04-14T18:05:32
Updated: 2020-04-14T18:05:32
Reserved: 2020-01-08T00:00:00
Link: CVE-2020-6214
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-04-14T19:15:16.983
Modified: 2020-04-15T17:05:39.463
Link: CVE-2020-6214
JSON object: View
Redhat Information
No data.
CWE