CVE-2020-6273 MEDIUM

CVE-2020-6273

Vendor Sap Se
Product SAP S/4 HANA (Fiori UI for General Ledger Accounting)
Published August 12, 2020
Last update August 4, 2024

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 104, does not perform necessary authorization checks for an authenticated user working with attachment service, allowing the attacker to delete attachments due to Missing Authorization Check.

Key dates

02Disclosure timeline

August 12, 2020 CVE published
August 4, 2024 Record updated