CVE-2020-6204

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.
Configurations

Configuration 1

cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):600:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):603:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):604:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):605:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):606:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):616:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):617:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):618:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(ea-finserv):800:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(s4core):101:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(s4core):102:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(s4core):103:*:*:*:*:*:*:*
cpe:2.3:a:sap:treasury_and_risk_management_(s4core):104:*:*:*:*:*:*:*

Information

Published : 2020-03-10 09:15

Updated : 2020-03-12 04:15


NVD link : CVE-2020-6204

Mitre link : CVE-2020-6204

Products Affected
No products.
CWE