Vulnerabilites related to sap - erp
Vulnerability from fkie_nvd
Published
2020-02-12 20:15
Modified
2024-11-21 05:35
Severity ?
Summary
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2857511 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2857511 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sap:erp:6.0:*:*:*:*:*:*:*", matchCriteriaId: "567E715A-39D9-4524-A60B-0A919A460D7D", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4_hana:1511:*:*:*:*:*:*:*", matchCriteriaId: "02BC74F5-5560-4459-B712-5834DEB85B45", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4_hana:1610:*:*:*:*:*:*:*", matchCriteriaId: "7CDC5426-D2C1-430A-96AF-F25CE04A01A7", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4_hana:1709:*:*:*:*:*:*:*", matchCriteriaId: "D2F4BB0A-56DD-4A82-AB66-46C67A261287", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4_hana:1809:*:*:*:*:*:*:*", matchCriteriaId: "EB6E0D66-B1DF-4E65-9155-07C687C08046", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4_hana:1909:*:*:*:*:*:*:*", matchCriteriaId: "055B76F2-6B9F-475F-8244-E427DCB6B0F2", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.", }, { lang: "es", value: "Los reportes de VAT Pro-Rata en SAP ERP (SAP_APPL versiones 600, 602, 603, 604, 605, 606, 616 y SAP_FIN versiones 617, 618, 700, 720, 730) y SAP S/4 HANA (versiones 100, 101, 102 , 103, 104), no realizan las comprobaciones de autorización necesarias para un usuario autenticado, conllevando a una Falta de Comprobación de Autorización.", }, ], id: "CVE-2020-6188", lastModified: "2024-11-21T05:35:15.857", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "PARTIAL", baseScore: 6.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.0", }, exploitabilityScore: 2.1, impactScore: 4.2, source: "cna@sap.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-02-12T20:15:14.400", references: [ { source: "cna@sap.com", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://launchpad.support.sap.com/#/notes/2857511", }, { source: "cna@sap.com", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://launchpad.support.sap.com/#/notes/2857511", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", }, ], sourceIdentifier: "cna@sap.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-03-10 21:15
Modified
2024-11-21 05:35
Severity ?
Summary
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2871167 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2871167 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 | Vendor Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sap:erp:607:*:*:*:*:*:*:*", matchCriteriaId: "56B0EE10-D5C3-4BA8-A2D5-3BE53F890F0C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.", }, { lang: "es", value: "La vista FIMENAV_COMPCERT en SAP ERP (MENA Certificate Management), EAPPGLO versión 607, SAP_FIN versiones 618, 730 y SAP S/4HANA (MENA Certificate Management), S4CORE versiones 100, 101, 102, 103, 104; no tiene ninguna comprobación de autorización debido a que un atacante sin un grupo de autorización puede mantener cualquier certificado de la compañía, conllevando a una Falta de Comprobación de Autorización.", }, ], id: "CVE-2020-6199", lastModified: "2024-11-21T05:35:17.053", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "cna@sap.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-03-10T21:15:14.043", references: [ { source: "cna@sap.com", tags: [ "Permissions Required", ], url: "https://launchpad.support.sap.com/#/notes/2871167", }, { source: "cna@sap.com", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://launchpad.support.sap.com/#/notes/2871167", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", }, ], sourceIdentifier: "cna@sap.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-04-10 20:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | enhancement_package | 6.0 | |
| sap | erp | 6.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sap:enhancement_package:6.0:*:*:*:*:*:*:*", matchCriteriaId: "47E30A94-4CD3-40ED-A08A-5810DB5691A5", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:a:sap:erp:6.0:*:*:*:*:*:*:*", matchCriteriaId: "567E715A-39D9-4524-A60B-0A919A460D7D", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.", }, { lang: "es", value: "La funcionalidad de registro de auditoría de seguridad en SAP Enhancement Package (EHP) 6 para SAP ERP 6.0 permite a atacantes remotos modificar o eliminar clases de registro arbitrarias a través de vectores no especificados. NOTA: algunos de estos detalles se obtienen de información de terceras partes.", }, ], id: "CVE-2014-2748", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-04-10T20:55:06.307", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57741", }, { source: "cve@mitre.org", url: "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002", }, { source: "cve@mitre.org", url: "http://www.onapsis.com/research-advisories.php", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92334", }, { source: "cve@mitre.org", url: "https://service.sap.com/sap/support/notes/1926485", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/57741", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.onapsis.com/research-advisories.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92334", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://service.sap.com/sap/support/notes/1926485", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-264", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-11-10 17:15
Modified
2024-11-21 05:35
Severity ?
Summary
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2944188 | Permissions Required | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2944188 | Permissions Required | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sap:erp:600:*:*:*:*:*:*:*", matchCriteriaId: "9E53BFD1-8B0D-4BAD-ABA8-24C4FB25036F", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:602:*:*:*:*:*:*:*", matchCriteriaId: "973DF1B4-A0F9-4D7C-9367-BA3380F9E426", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:603:*:*:*:*:*:*:*", matchCriteriaId: "E560E999-5E5E-4EC2-87A7-DF52F3E1BD3D", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:604:*:*:*:*:*:*:*", matchCriteriaId: "E9E38906-8B63-4E06-8BF3-EDC5BFF0BAF9", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:605:*:*:*:*:*:*:*", matchCriteriaId: "7C4FD4F9-A427-44EC-A266-B7BD9C4C7D63", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:606:*:*:*:*:*:*:*", matchCriteriaId: "0107AAA9-C29D-4447-847A-B1825C947D8B", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:616:*:*:*:*:*:*:*", matchCriteriaId: "6327AA0C-A8EF-47BC-BD27-B7835EC26AC5", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:617:*:*:*:*:*:*:*", matchCriteriaId: "619506AC-B6AB-4C7B-9A70-3B1753E2C441", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:618:*:*:*:*:*:*:*", matchCriteriaId: "4573BD22-D50B-431E-928A-C495E342D1AE", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:100:*:*:*:*:*:*:*", matchCriteriaId: "11051D6A-FC81-4951-ACDA-BB07D5A5D751", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:101:*:*:*:*:*:*:*", matchCriteriaId: "E6FE144C-BAF2-4E45-93EE-D70764BDEFD6", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:102:*:*:*:*:*:*:*", matchCriteriaId: "55BACB30-A607-410E-AB05-E991CC19CE12", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:103:*:*:*:*:*:*:*", matchCriteriaId: "95A0C742-4CBD-46B8-B2B3-5949EFC82A6D", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:104:*:*:*:*:*:*:*", matchCriteriaId: "14A540DA-F234-4EEA-ADE8-4F6306A86C1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.", }, { lang: "es", value: "SAP ERP y SAP S/4 HANA, permiten a un usuario autenticado visualizar los registros de costos de objetos para los que no cuenta con autorización en los reportes de PS, conllevando a una Falta de Comprobación de Autorización", }, ], id: "CVE-2020-6316", lastModified: "2024-11-21T05:35:29.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:S/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "cna@sap.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-11-10T17:15:15.233", references: [ { source: "cna@sap.com", tags: [ "Permissions Required", ], url: "https://launchpad.support.sap.com/#/notes/2944188", }, { source: "cna@sap.com", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "https://launchpad.support.sap.com/#/notes/2944188", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571", }, ], sourceIdentifier: "cna@sap.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-04-24 23:15
Modified
2024-11-21 05:35
Severity ?
Summary
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/2864966 | Permissions Required, Vendor Advisory | |
| cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.support.sap.com/#/notes/2864966 | Permissions Required, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | Vendor Advisory |
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:sap:erp:607:*:*:*:*:*:*:*", matchCriteriaId: "56B0EE10-D5C3-4BA8-A2D5-3BE53F890F0C", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:618:*:*:*:*:*:*:*", matchCriteriaId: "4573BD22-D50B-431E-928A-C495E342D1AE", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:erp:730:*:*:*:*:*:*:*", matchCriteriaId: "2EBA7545-3DC3-45A7-8DF4-35F863C3B985", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:100:*:*:*:*:*:*:*", matchCriteriaId: "11051D6A-FC81-4951-ACDA-BB07D5A5D751", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:101:*:*:*:*:*:*:*", matchCriteriaId: "E6FE144C-BAF2-4E45-93EE-D70764BDEFD6", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:102:*:*:*:*:*:*:*", matchCriteriaId: "55BACB30-A607-410E-AB05-E991CC19CE12", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:103:*:*:*:*:*:*:*", matchCriteriaId: "95A0C742-4CBD-46B8-B2B3-5949EFC82A6D", vulnerable: true, }, { criteria: "cpe:2.3:a:sap:s\\/4hana:104:*:*:*:*:*:*:*", matchCriteriaId: "14A540DA-F234-4EEA-ADE8-4F6306A86C1E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.", }, { lang: "es", value: "Los reportes Clearing of Liabilities and Remittance Statement and Summary de retención de impuestos ubicados en Egypt en SAP ERP (versiones 618, 730, EAPPLGLO 607) y S / 4 HANA (versiones 100, 101, 102, 103, 104) no realizan las comprobaciones de autorización necesarias para un usuario autenticado, lo que permite la lectura o modificación de algunos reportes fiscales, debido a la Falta de Comprobación de Autorización.", }, ], id: "CVE-2020-6212", lastModified: "2024-11-21T05:35:18.607", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 5.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 4.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "cna@sap.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-04-24T23:15:11.670", references: [ { source: "cna@sap.com", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://launchpad.support.sap.com/#/notes/2864966", }, { source: "cna@sap.com", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", "Vendor Advisory", ], url: "https://launchpad.support.sap.com/#/notes/2864966", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, ], sourceIdentifier: "cna@sap.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-862", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2020-6188
Vulnerability from cvelistv5
Published
2020-02-12 19:46
Modified
2024-08-04 08:55
Severity ?
EPSS score ?
Summary
VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/2857511 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | SAP SE | SAP ERP (SAP_APPL) |
Version: = 6.0 Version: = 6.02 Version: = 6.03 Version: = 6.04 Version: = 6.05 Version: = 6.06 Version: = 6.16 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:55:22.007Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/2857511", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP ERP (SAP_APPL)", vendor: "SAP SE", versions: [ { status: "affected", version: "= 6.0", }, { status: "affected", version: "= 6.02", }, { status: "affected", version: "= 6.03", }, { status: "affected", version: "= 6.04", }, { status: "affected", version: "= 6.05", }, { status: "affected", version: "= 6.06", }, { status: "affected", version: "= 6.16", }, ], }, { product: "SAP ERP (SAP_FIN)", vendor: "SAP SE", versions: [ { status: "affected", version: "= 6.17", }, { status: "affected", version: "= 6.18", }, { status: "affected", version: "= 7.0", }, { status: "affected", version: "= 7.20", }, { status: "affected", version: "= 7.30", }, ], }, { product: "SAP S/4 HANA (S4CORE)", vendor: "SAP SE", versions: [ { status: "affected", version: "= 1.0", }, { status: "affected", version: "= 1.01", }, { status: "affected", version: "= 1.02", }, { status: "affected", version: "= 1.03", }, { status: "affected", version: "= 1.04", }, ], }, ], descriptions: [ { lang: "en", value: "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing Authorization Check", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-02-12T19:46:09", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", }, { tags: [ "x_refsource_MISC", ], url: "https://launchpad.support.sap.com/#/notes/2857511", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@sap.com", ID: "CVE-2020-6188", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAP ERP (SAP_APPL)", version: { version_data: [ { version_name: "=", version_value: "6.0", }, { version_name: "=", version_value: "6.02", }, { version_name: "=", version_value: "6.03", }, { version_name: "=", version_value: "6.04", }, { version_name: "=", version_value: "6.05", }, { version_name: "=", version_value: "6.06", }, { version_name: "=", version_value: "6.16", }, ], }, }, { product_name: "SAP ERP (SAP_FIN)", version: { version_data: [ { version_name: "=", version_value: "6.17", }, { version_name: "=", version_value: "6.18", }, { version_name: "=", version_value: "7.0", }, { version_name: "=", version_value: "7.20", }, { version_name: "=", version_value: "7.30", }, ], }, }, { product_name: "SAP S/4 HANA (S4CORE)", version: { version_data: [ { version_name: "=", version_value: "1.0", }, { version_name: "=", version_value: "1.01", }, { version_name: "=", version_value: "1.02", }, { version_name: "=", version_value: "1.03", }, { version_name: "=", version_value: "1.04", }, ], }, }, ], }, vendor_name: "SAP SE", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, 605, 606, 616 and SAP_FIN versions 617, 618, 700, 720, 730) and SAP S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user leading to Missing Authorization Check.", }, ], }, impact: { cvss: { baseScore: "6.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing Authorization Check", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", refsource: "MISC", url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812", }, { name: "https://launchpad.support.sap.com/#/notes/2857511", refsource: "MISC", url: "https://launchpad.support.sap.com/#/notes/2857511", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2020-6188", datePublished: "2020-02-12T19:46:09", dateReserved: "2020-01-08T00:00:00", dateUpdated: "2024-08-04T08:55:22.007Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-6316
Vulnerability from cvelistv5
Published
2020-11-10 16:11
Modified
2024-08-04 08:55
Severity ?
EPSS score ?
Summary
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://launchpad.support.sap.com/#/notes/2944188 | x_refsource_MISC | |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | SAP SE | SAP ERP |
Version: < 600 Version: < 602 Version: < 603 Version: < 604 Version: < 605 Version: < 606 Version: < 616 Version: < 617 Version: < 618 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:55:22.258Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/2944188", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP ERP", vendor: "SAP SE", versions: [ { status: "affected", version: "< 600", }, { status: "affected", version: "< 602", }, { status: "affected", version: "< 603", }, { status: "affected", version: "< 604", }, { status: "affected", version: "< 605", }, { status: "affected", version: "< 606", }, { status: "affected", version: "< 616", }, { status: "affected", version: "< 617", }, { status: "affected", version: "< 618", }, ], }, { product: "SAP S/4 HANA", vendor: "SAP SE", versions: [ { status: "affected", version: "< 100", }, { status: "affected", version: "< 101", }, { status: "affected", version: "< 102", }, { status: "affected", version: "< 103", }, { status: "affected", version: "< 104", }, ], }, ], descriptions: [ { lang: "en", value: "SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing Authorization Check", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-11-10T16:11:29", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://launchpad.support.sap.com/#/notes/2944188", }, { tags: [ "x_refsource_MISC", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@sap.com", ID: "CVE-2020-6316", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAP ERP", version: { version_data: [ { version_name: "<", version_value: "600", }, { version_name: "<", version_value: "602", }, { version_name: "<", version_value: "603", }, { version_name: "<", version_value: "604", }, { version_name: "<", version_value: "605", }, { version_name: "<", version_value: "606", }, { version_name: "<", version_value: "616", }, { version_name: "<", version_value: "617", }, { version_name: "<", version_value: "618", }, ], }, }, { product_name: "SAP S/4 HANA", version: { version_data: [ { version_name: "<", version_value: "100", }, { version_name: "<", version_value: "101", }, { version_name: "<", version_value: "102", }, { version_name: "<", version_value: "103", }, { version_name: "<", version_value: "104", }, ], }, }, ], }, vendor_name: "SAP SE", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.", }, ], }, impact: { cvss: { baseScore: "4.3", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing Authorization Check", }, ], }, ], }, references: { reference_data: [ { name: "https://launchpad.support.sap.com/#/notes/2944188", refsource: "MISC", url: "https://launchpad.support.sap.com/#/notes/2944188", }, { name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571", refsource: "MISC", url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2020-6316", datePublished: "2020-11-10T16:11:29", dateReserved: "2020-01-08T00:00:00", dateUpdated: "2024-08-04T08:55:22.258Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-6212
Vulnerability from cvelistv5
Published
2020-04-24 22:18
Modified
2024-08-04 08:55
Severity ?
EPSS score ?
Summary
Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/2864966 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | SAP SE | SAP ERP |
Version: < 618 Version: < 730 Version: < EAPPLGLO 607 |
||||||
|
|||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:55:22.053Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/2864966", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP ERP", vendor: "SAP SE", versions: [ { status: "affected", version: "< 618", }, { status: "affected", version: "< 730", }, { status: "affected", version: "< EAPPLGLO 607", }, ], }, { product: "SAP S/4 HANA", vendor: "SAP SE", versions: [ { status: "affected", version: "< 100", }, { status: "affected", version: "< 101", }, { status: "affected", version: "< 102", }, { status: "affected", version: "< 103", }, { status: "affected", version: "< 104", }, ], }, ], descriptions: [ { lang: "en", value: "Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing Authorization Check", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-24T22:20:54", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { tags: [ "x_refsource_MISC", ], url: "https://launchpad.support.sap.com/#/notes/2864966", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@sap.com", ID: "CVE-2020-6212", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAP ERP", version: { version_data: [ { version_name: "<", version_value: "618", }, { version_name: "<", version_value: "730", }, { version_name: "<", version_value: "EAPPLGLO 607", }, ], }, }, { product_name: "SAP S/4 HANA", version: { version_data: [ { version_name: "<", version_value: "100", }, { version_name: "<", version_value: "101", }, { version_name: "<", version_value: "102", }, { version_name: "<", version_value: "103", }, { version_name: "<", version_value: "104", }, ], }, }, ], }, vendor_name: "SAP SE", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Egypt localized withholding tax reports Clearing of Liabilities and Remittance Statement and Summary in SAP ERP (versions 618, 730, EAPPLGLO 607) and S/4 HANA (versions 100, 101, 102, 103, 104) do not perform necessary authorization checks for an authenticated user, allowing reading or modification of some tax reports, due to Missing Authorization Check.", }, ], }, impact: { cvss: { baseScore: "5.4", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing Authorization Check", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", refsource: "MISC", url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { name: "https://launchpad.support.sap.com/#/notes/2864966", refsource: "MISC", url: "https://launchpad.support.sap.com/#/notes/2864966", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2020-6212", datePublished: "2020-04-24T22:18:54", dateReserved: "2020-01-08T00:00:00", dateUpdated: "2024-08-04T08:55:22.053Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-2748
Vulnerability from cvelistv5
Published
2014-04-10 15:00
Modified
2024-08-06 10:21
Severity ?
EPSS score ?
Summary
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002 | x_refsource_MISC | |
| http://secunia.com/advisories/57741 | third-party-advisory, x_refsource_SECUNIA | |
| https://service.sap.com/sap/support/notes/1926485 | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/92334 | vdb-entry, x_refsource_XF | |
| http://www.onapsis.com/research-advisories.php | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T10:21:36.111Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002", }, { name: "57741", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/57741", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://service.sap.com/sap/support/notes/1926485", }, { name: "sap-ehp-log-sec-bypass(92334)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92334", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.onapsis.com/research-advisories.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-03-09T00:00:00", descriptions: [ { lang: "en", value: "The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-28T12:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002", }, { name: "57741", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/57741", }, { tags: [ "x_refsource_MISC", ], url: "https://service.sap.com/sap/support/notes/1926485", }, { name: "sap-ehp-log-sec-bypass(92334)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92334", }, { tags: [ "x_refsource_MISC", ], url: "http://www.onapsis.com/research-advisories.php", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-2748", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these details are obtained from third party information.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002", refsource: "MISC", url: "http://www.onapsis.com/get.php?resid=adv_onapsis-2014-002", }, { name: "57741", refsource: "SECUNIA", url: "http://secunia.com/advisories/57741", }, { name: "https://service.sap.com/sap/support/notes/1926485", refsource: "MISC", url: "https://service.sap.com/sap/support/notes/1926485", }, { name: "sap-ehp-log-sec-bypass(92334)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/92334", }, { name: "http://www.onapsis.com/research-advisories.php", refsource: "MISC", url: "http://www.onapsis.com/research-advisories.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-2748", datePublished: "2014-04-10T15:00:00", dateReserved: "2014-04-10T00:00:00", dateUpdated: "2024-08-06T10:21:36.111Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-6199
Vulnerability from cvelistv5
Published
2020-03-10 20:18
Modified
2024-08-04 08:55
Severity ?
EPSS score ?
Summary
The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 | x_refsource_MISC | |
| https://launchpad.support.sap.com/#/notes/2871167 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | SAP SE | SAP ERP (EAPPGLO) |
Version: < 607 |
|||||||||||
|
||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:55:22.062Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/2871167", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP ERP (EAPPGLO)", vendor: "SAP SE", versions: [ { status: "affected", version: "< 607", }, ], }, { product: "SAP ERP (SAP_FIN)", vendor: "SAP SE", versions: [ { status: "affected", version: "< 618", }, { status: "affected", version: "< 730", }, ], }, { product: "SAP S/4HANA (S4CORE)", vendor: "SAP SE", versions: [ { status: "affected", version: "< 100", }, { status: "affected", version: "< 101", }, { status: "affected", version: "< 102", }, { status: "affected", version: "< 103", }, { status: "affected", version: "< 104", }, ], }, ], descriptions: [ { lang: "en", value: "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing Authorization Check", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-03-10T20:18:38", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", }, { tags: [ "x_refsource_MISC", ], url: "https://launchpad.support.sap.com/#/notes/2871167", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@sap.com", ID: "CVE-2020-6199", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAP ERP (EAPPGLO)", version: { version_data: [ { version_name: "<", version_value: "607", }, ], }, }, { product_name: "SAP ERP (SAP_FIN)", version: { version_data: [ { version_name: "<", version_value: "618", }, { version_name: "<", version_value: "730", }, ], }, }, { product_name: "SAP S/4HANA (S4CORE)", version: { version_data: [ { version_name: "<", version_value: "100", }, { version_name: "<", version_value: "101", }, { version_name: "<", version_value: "102", }, { version_name: "<", version_value: "103", }, { version_name: "<", version_value: "104", }, ], }, }, ], }, vendor_name: "SAP SE", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EAPPGLO version 607, SAP_FIN versions- 618, 730 and SAP S/4HANA (MENA Certificate Management), S4CORE versions- 100, 101, 102, 103, 104; does not have any authorization check to it due to which an attacker without an authorization group can maintain any company certificate, leading to Missing Authorization Check.", }, ], }, impact: { cvss: { baseScore: "5.4", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing Authorization Check", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", refsource: "MISC", url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305", }, { name: "https://launchpad.support.sap.com/#/notes/2871167", refsource: "MISC", url: "https://launchpad.support.sap.com/#/notes/2871167", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2020-6199", datePublished: "2020-03-10T20:18:38", dateReserved: "2020-01-08T00:00:00", dateUpdated: "2024-08-04T08:55:22.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }