Skip links

CVE-2020-6362 Incorrect Authorization in SAP Banking Services, SAP security note 2953212

Description

SAP Banking Services uses an incorrect authorization object in some of its reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability could lead to privilege escalation and violation in segregation of duties, which in turn could lead to Service interruptions and system unavailability for the victim and users of the component

Available fix and Supported packages

  • FSAPPL | 500 | 500
  • FSAPPL 500 | SAPK-50015INFSAPPL |

Affected component

    FS-BA-SD-PO
    Primary Objects

CVSS

Score: 4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2953212

TAGS

#Bank-Analyzer-RFC-enabled-function-modules
#&160-CVE-2020-6362