CVE-2020-6311 MEDIUM

CVE-2020-6311

Vendor Sap Se

Product BANKING SERVICES FROM SAP 9.0(Bank Analyzer)

Weakness CWE-285

Published September 9, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.

Key dates

02Disclosure timeline

September 9, 2020 CVE published

August 4, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2020-6311

Related vulnerabilities

04Related CVE

CVE-2023-5808 System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products are susceptible to unintended information disclosure via unprivileged access to HNAS configuration backup and diagnostic data. CVE-2026-2076 yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization CVE-2026-45371 SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs CVE-2025-3587 ZeroWdd/code-projects studentmanager getTeacherList improper authorization CVE-2021-25354

Identifiers

CVE CVE-2020-6311

CWE CWE-285

CVSS 6.5 / MEDIUM

Affected versions

Vendor Sap Se

Product BANKING SERVICES FROM SAP 9.0(Bank Analyzer)

Affected < 500

Vendor Sap Se

Product S/4HANA FIN PROD SUBLDGR

Affected < 100