Missing Authorization Check in SAP ERP and SAP S/4 HANA PS Reporting: Unauthorized Access to Cost Records

Missing Authorization Check in SAP ERP and SAP S/4 HANA PS Reporting: Unauthorized Access to Cost Records

CVE-2020-6316 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.

Learn more about our User Device Pen Test.