Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2020-6362 Incorrect Authorization in SAP Banking Services, SAP security note 2953212

Description

SAP Banking Services uses an incorrect authorization object in some of its reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component

Available fix and Supported packages

  • FSAPPL | 500 | 500
  • FSAPPL 500 | SAPK-50015INFSAPPL |

Affected component

    FS-BA-SD-PO
    Primary Objects

CVSS

Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2953212

TAGS

#Bank-Analyzer-RFC-enabled-function-modules
#&160-CVE-2020-6362

Explore More

RedRays AI for ABAP Code Security

Empowering Secure, Efficient, and Compliant SAP ABAP Development—in Real Time and Without Data Retention In today’s rapidly evolving business landscape, organizations increasingly

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.