CVE-2020-6214

{"id": "CVE-2020-6214", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 1.2}]}, "published": "2020-04-14T19:15:16.983", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2897612", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-863"}]}, {"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system."}, {"lang": "es", "value": "SAP S/4HANA (Financial Products Subledger), versi\u00f3n 100, utiliza un objeto de autorizaci\u00f3n incorrecto en algunos reportes. Aunque los reportes afectados est\u00e1n protegidos con otros objetos de autorizaci\u00f3n, la explotaci\u00f3n de la vulnerabilidad permitir\u00eda a un atacante autenticado visualizar, cambiar o eliminar datos, impidiendo as\u00ed la segregaci\u00f3n apropiada de tareas en el sistema."}], "lastModified": "2020-04-15T17:05:39.463", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s\\/4hana:100:*:*:*:*:financial_products_subledger:*:*", "vulnerable": true, "matchCriteriaId": "75733E0C-297B-4710-9EE8-EC48990807A8"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}