VYPR
Unrated severityNVD Advisory· Published Mar 10, 2020· Updated Aug 4, 2024

CVE-2020-6204

CVE-2020-6204

Description

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.

Affected products

3
  • Range: EA-FINSERV 600,603,604,605,606,616,617,618,800; S4CORE 101,102,103,104
  • SAP SE/SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)v5
    Range: < 600
  • SAP SE/SAP Treasury and Risk Management (Transaction Management) (S4CORE)v5
    Range: < 101

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.