CVE-2020-6306

EUVD-2020-27456
Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
sapCNA
2.7 LOW
NETWORK
LOW
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
sapleasing
6.0
sapleasing
6.02
sapleasing
6.03
sapleasing
6.04
sapleasing
6.05
sapleasing
6.06
sapleasing
6.16
sapleasing
6.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2865348
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771
https://launchpad.support.sap.com/#/notes/2865348
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771