CVE-2020-6204 (GCVE-0-2020-6204)

Vulnerability from cvelistv5 – Published: 2020-03-10 20:20 – Updated: 2024-08-04 08:55
VLAI?
Summary
The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
Severity ?
4.3 (Medium)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE
  • Missing Authorization Check
Assigner
sap
References
Impacted products
Vendor Product Version
SAP SE SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV) Affected: < 600
Affected: < 603
Affected: < 604
Affected: < 605
Affected: < 606
Affected: < 616
Affected: < 617
Affected: < 618
Affected: < 800
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:22.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2841874"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 600"
            },
            {
              "status": "affected",
              "version": "\u003c 603"
            },
            {
              "status": "affected",
              "version": "\u003c 604"
            },
            {
              "status": "affected",
              "version": "\u003c 605"
            },
            {
              "status": "affected",
              "version": "\u003c 606"
            },
            {
              "status": "affected",
              "version": "\u003c 616"
            },
            {
              "status": "affected",
              "version": "\u003c 617"
            },
            {
              "status": "affected",
              "version": "\u003c 618"
            },
            {
              "status": "affected",
              "version": "\u003c 800"
            }
          ]
        },
        {
          "product": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 101"
            },
            {
              "status": "affected",
              "version": "\u003c 102"
            },
            {
              "status": "affected",
              "version": "\u003c 103"
            },
            {
              "status": "affected",
              "version": "\u003c 104"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T20:20:12",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2841874"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "600"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "603"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "604"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "605"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "606"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "616"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "617"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "618"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "800"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "101"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "102"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "103"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "104"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing Authorization Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2841874",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2841874"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-6204",
    "datePublished": "2020-03-10T20:20:12",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T08:55:22.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):600:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7EFF8EC8-0C4E-4D93-AECF-6711B470FB54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):603:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F10EBDE7-0EEE-42E1-A860-ECE0B606D385\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):604:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39437BF7-3C69-43E3-8EFA-EAED49704543\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):605:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"447929D0-5FF0-44EC-99B4-A0A6F3D098AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):606:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5085EED2-349E-42D2-A5AE-0F307D43C774\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):616:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E4495C9D-8489-4FC1-94F6-84D203F9B388\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):617:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"66AC9F3C-5CE8-4036-9970-5BF9A09C3E06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):618:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA62E740-4F8D-4E34-8FFE-AA341963308F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):800:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"349C577E-7966-41CE-A116-4CF9EE47D3D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):101:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6E21EE73-34F2-4D1C-8C6F-0B0489C049F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):102:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B1E8180-D2BB-423C-84BC-CA738F61C518\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):103:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"215CC44C-D4EA-4CAF-946B-5109790F6636\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):104:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A389AB7-2487-4AEA-BDA3-3E8CC7BB163F\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.\"}, {\"lang\": \"es\", \"value\": \"La consulta de selecci\\u00f3n en SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versiones 600, 603, 604, 605, 606, 616, 617, 618, 800 y S4CORE versiones 101, 102, 103, 104), devuelve m\\u00e1s registros de los que deber\\u00edan ser cuando selecciona y despliega el n\\u00famero de contrato, conllevando a una Falta de Comprobaci\\u00f3n de Autorizaci\\u00f3n.\"}]",
      "id": "CVE-2020-6204",
      "lastModified": "2024-11-21T05:35:17.640",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV30\": [{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 4.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:N/A:N\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-03-10T21:15:14.527",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/2841874\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2841874\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-6204\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2020-03-10T21:15:14.527\",\"lastModified\":\"2024-11-21T05:35:17.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.\"},{\"lang\":\"es\",\"value\":\"La consulta de selecci\u00f3n en SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versiones 600, 603, 604, 605, 606, 616, 617, 618, 800 y S4CORE versiones 101, 102, 103, 104), devuelve m\u00e1s registros de los que deber\u00edan ser cuando selecciona y despliega el n\u00famero de contrato, conllevando a una Falta de Comprobaci\u00f3n de Autorizaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV30\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):600:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EFF8EC8-0C4E-4D93-AECF-6711B470FB54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):603:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F10EBDE7-0EEE-42E1-A860-ECE0B606D385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):604:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39437BF7-3C69-43E3-8EFA-EAED49704543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):605:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"447929D0-5FF0-44EC-99B4-A0A6F3D098AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):606:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5085EED2-349E-42D2-A5AE-0F307D43C774\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):616:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4495C9D-8489-4FC1-94F6-84D203F9B388\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):617:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66AC9F3C-5CE8-4036-9970-5BF9A09C3E06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):618:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA62E740-4F8D-4E34-8FFE-AA341963308F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):800:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"349C577E-7966-41CE-A116-4CF9EE47D3D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E21EE73-34F2-4D1C-8C6F-0B0489C049F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):102:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B1E8180-D2BB-423C-84BC-CA738F61C518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"215CC44C-D4EA-4CAF-946B-5109790F6636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):104:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A389AB7-2487-4AEA-BDA3-3E8CC7BB163F\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2841874\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2841874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.