Skip links

CVE-2020-6233 Missing Authorization Check in SAP S/4 HANA (Financial Products Subledger and Banking Services), SAP security note 2904796

Description

SAP S/4HANA for financial products subledger and Banking Services without proper authorization checks, allows an authenticated user to run an analysis report, which leads to slow down of the system.

 Some well-known impacts of Missing Authorization checks are:

  • abuse functionality restricted to a particular user group
  • read, modify or delete restricted data    

Available fix and Supported packages

  • FSAPPL | 400 | 400
  • FSAPPL | 450 | 450
  • FSAPPL | 500 | 500
  • S4FPSL | 100 | 100
  • FSAPPL 400 | SAPK-40029INFSAPPL |
  • FSAPPL 450 | SAPK-45020INFSAPPL |
  • FSAPPL 500 | SAPK-50014INFSAPPL |
  • S4FPSL 100 | SAPK-10003INS4FPSL |

Affected component

    FS-BA
    Bank Analyzer

CVSS

Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2904796

TAGS

#Access-control
#Authorization-error
#Authorization-profile
#&160-CVE-2020-6233