CVE-2020-6307
Vulnerability from cvelistv5
Published
2020-01-14 17:52
Modified
2024-08-04 08:55
Severity
Summary
Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.
References
Source | URL | Tags |
---|---|---|
cna@sap.com | https://launchpad.support.sap.com/#/notes/2863397 | Permissions Required |
cna@sap.com | https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771 | Vendor Advisory |
Impacted products
Vendor | Product |
---|---|
SAP SE | Automated Note Search Tool (SAP Basis) |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T08:55:22.405Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.support.sap.com/#/notes/2863397" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Automated Note Search Tool (SAP Basis)", "vendor": "SAP SE", "versions": [ { "status": "affected", "version": "\u003c 7.0" }, { "status": "affected", "version": "\u003c 7.01" }, { "status": "affected", "version": "\u003c 7.02" }, { "status": "affected", "version": "\u003c 7.31" }, { "status": "affected", "version": "\u003c 7.4" }, { "status": "affected", "version": "\u003c 7.5" }, { "status": "affected", "version": "\u003c 7.51" }, { "status": "affected", "version": "\u003c 7.52" }, { "status": "affected", "version": "\u003c 7.53" }, { "status": "affected", "version": "\u003c 7.54" } ] } ], "descriptions": [ { "lang": "en", "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "description": "Missing Authorization Check", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-01-14T17:52:59", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.support.sap.com/#/notes/2863397" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6307", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Automated Note Search Tool (SAP Basis)", "version": { "version_data": [ { "version_name": "\u003c", "version_value": "7.0" }, { "version_name": "\u003c", "version_value": "7.01" }, { "version_name": "\u003c", "version_value": "7.02" }, { "version_name": "\u003c", "version_value": "7.31" }, { "version_name": "\u003c", "version_value": "7.4" }, { "version_name": "\u003c", "version_value": "7.5" }, { "version_name": "\u003c", "version_value": "7.51" }, { "version_name": "\u003c", "version_value": "7.52" }, { "version_name": "\u003c", "version_value": "7.53" }, { "version_name": "\u003c", "version_value": "7.54" } ] } } ] }, "vendor_name": "SAP SE" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information." } ] }, "impact": { "cvss": { "baseScore": "4.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Missing Authorization Check" } ] } ] }, "references": { "reference_data": [ { "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" }, { "name": "https://launchpad.support.sap.com/#/notes/2863397", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2863397" } ] } } } }, "cveMetadata": { "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6307", "datePublished": "2020-01-14T17:52:59", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T08:55:22.405Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2020-6307\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2020-01-14T18:15:12.180\",\"lastModified\":\"2021-07-21T11:39:23.747\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.\"},{\"lang\":\"es\",\"value\":\"Automated Note Search Tool (actualizaci\u00f3n proporcionada en SAP Basis versiones 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 y 7.54), no realiza suficientes comprobaciones de autorizaci\u00f3n conllevando a la lectura de informaci\u00f3n confidencial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV30\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49E9E5C3-C582-4294-A33E-5B54EC5A1046\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.01:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D262D407-99E0-40B4-B57D-B8E693795368\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.02:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5048545D-7872-4EB9-AA97-557944999BB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AC2D764-A795-4FBC-95AF-D212B8E51991\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B469CB1A-3AF3-4824-A185-A46A63DBABBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56852389-A9A8-42DB-A471-10C1990502FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.51:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"594CB284-78FF-491F-BAF6-390E7D4D5DBE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.52:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7ACA030-9C6A-47D3-A7D9-899753870241\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.53:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"893979E3-40EB-4847-A39B-F548F3000F89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:basis:7.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"977F2126-AB92-47D0-B7D4-314D468AC497\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2863397\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]}]}}" } }
Loading...