Missing Authorization Check in SAP Master Data Governance Allows Unauthorized Display of Change Request Details

Missing Authorization Check in SAP Master Data Governance Allows Unauthorized Display of Change Request Details

CVE-2020-6256 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.

Learn more about our User Device Pen Test.