Missing Authorization Check in SAP ERP (HCM Travel Management) Allows Unauthorized Access and Privilege Escalation

Missing Authorization Check in SAP ERP (HCM Travel Management) Allows Unauthorized Access and Privilege Escalation

CVE-2020-6301 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 606, 607, 608, allows an authenticated but unauthorized attacker to read, modify and settle trips, resulting in escalation of privileges, due to Missing Authorization Check.

Learn more about our Web Application Penetration Testing UK.