Missing Authorization Check in SAP Banking Services (Generic Market Data) Allows Unauthorized Access and Data Manipulation

Missing Authorization Check in SAP Banking Services (Generic Market Data) Allows Unauthorized Access and Data Manipulation

CVE-2020-6298 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

SAP Banking Services (Generic Market Data), versions - 400, 450, 500, allows an unauthorized user to display protected Business Partner Generic Market Data (GMD) and change related GMD key figure values, due to Missing Authorization Check.

Learn more about our User Device Pen Test.