CVE-2020-6233 - OpenCVE

SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:S/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Sap	S\/4hana Financial Products Subledger Banking Services From Sap

Configuration 1 [-]

OR	cpe:2.3:a:sap:banking_services_from_sap:400:::::::*
	cpe:2.3:a:sap:banking_services_from_sap:450:::::::*
	cpe:2.3:a:sap:banking_services_from_sap:500:::::::*
	cpe:2.3:a:sap:s\/4hana_financial_products_subledger:100:::::::*

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2904796	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sap

Published: 2020-04-14T18:34:47

Updated: 2020-04-14T18:34:47

Reserved: 2020-01-08T00:00:00

Link: CVE-2020-6233

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-14T19:15:18.063

Modified: 2020-04-15T13:21:15.060

Link: CVE-2020-6233

JSON object: View

Redhat Information

No data.

CWE

CWE-862

{"containers": {"cna": {"affected": [{"product": "SAP S/4 HANA (Financial Products Subledger and Banking Services) (FSAPPL)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 400"}, {"status": "affected", "version": "< 450"}, {"status": "affected", "version": "< 500"}]}, {"product": "SAP S/4 HANA (Financial Products Subledger and Banking Services) (S4FPSL)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 100"}]}], "descriptions": [{"lang": "en", "value": "SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Missing Authorization Check", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-14T18:34:47", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2904796"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6233", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SAP S/4 HANA (Financial Products Subledger and Banking Services) (FSAPPL)", "version": {"version_data": [{"version_name": "<", "version_value": "400"}, {"version_name": "<", "version_value": "450"}, {"version_name": "<", "version_value": "500"}]}}, {"product_name": "SAP S/4 HANA (Financial Products Subledger and Banking Services) (S4FPSL)", "version": {"version_data": [{"version_name": "<", "version_value": "100"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system."}]}, "impact": {"cvss": {"baseScore": "4.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing Authorization Check"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", "refsource": "MISC", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"}, {"name": "https://launchpad.support.sap.com/#/notes/2904796", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2904796"}]}}}}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6233", "datePublished": "2020-04-14T18:34:47", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2020-04-14T18:34:47", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:banking_services_from_sap:400:*:*:*:*:*:*:*", "matchCriteriaId": "425D48F0-8BF0-4061-A004-17F166AD8C0F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:banking_services_from_sap:450:*:*:*:*:*:*:*", "matchCriteriaId": "7827B1E1-FD57-4053-A467-20EF90D55AD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:banking_services_from_sap:500:*:*:*:*:*:*:*", "matchCriteriaId": "0FE3E896-BAD5-4845-99CE-3C3EB41C5219", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:s\\/4hana_financial_products_subledger:100:*:*:*:*:*:*:*", "matchCriteriaId": "F1CCD228-865A-4795-A0F8-C9F175D87480", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP S/4 HANA (Financial Products Subledger and Banking Services), versions - FSAPPL 400, 450, 500 and S4FPSL 100, allows an authenticated user to run an analysis report due to Missing Authorization Check, resulting in slowing the system."}, {"lang": "es", "value": "SAP S/4 HANA (Financial Products Subledger and Banking Services), versiones - FSAPPL 400, 450, 500 y S4FPSL 100, permite a un usuario autenticado ejecutar un reporte de an\u00e1lisis debido a una Falta de Comprobaci\u00f3n de Autorizaci\u00f3n, resultando en una desaceleraci\u00f3n del sistema."}], "id": "CVE-2020-6233", "lastModified": "2020-04-15T13:21:15.060", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-14T19:15:18.063", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://launchpad.support.sap.com/#/notes/2904796"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Primary"}]}