VYPR
Unrated severityNVD Advisory· Published Aug 12, 2020· Updated Aug 4, 2024

CVE-2020-6273

CVE-2020-6273

Description

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.

Affected products

2
  • SAP/S/4HANAllm-fuzzy
    Range: 103, 104
  • SAP SE/SAP S/4 HANA (Fiori UI for General Ledger Accounting)v5
    Range: < 103

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.