Missing Authorization Check in SAP ERP and SAP S/4 HANA PS Reporting: Unauthorized Access to Cost Records
CVE-2020-6316 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he has no authorization in PS reporting, leading to Missing Authorization check.
Learn more about our User Device Pen Test.