CVE-2020-6270 : SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not per

SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.

Published 2020-06-10 13:15:18

Updated 2022-10-05 14:16:09

Source SAP SE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2020-6270

Probability of exploitation activity in the next 30 days: 0.05%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 21 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2020-6270

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.0	MEDIUM	AV:N/AC:L/Au:S/C:N/I:P/A:N	8.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
6.5	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	2.8	3.6	SAP SE
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2020-6270

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2020-6270

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

SAP Security Patch Day – June 2020 - Product Security Response at SAP - Community Wiki
Vendor Advisory

CVEs referencing this url
https://launchpad.support.sap.com/#/notes/2916562

SAP ONE Support Launchpad: Log On
Permissions Required

Products affected by CVE-2020-6270

SAP » Netweaver Application Server Abap » Version: 750
cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 752
cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 740
cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 751
cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 710
cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 711
cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 75A
cpe:2.3:a:sap:netweaver_application_server_abap:75a:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 75B
cpe:2.3:a:sap:netweaver_application_server_abap:75b:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 75C
cpe:2.3:a:sap:netweaver_application_server_abap:75c:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 75D
cpe:2.3:a:sap:netweaver_application_server_abap:75d:*:*:*:*:*:*:*
Matching versions
SAP » Netweaver Application Server Abap » Version: 75E
cpe:2.3:a:sap:netweaver_application_server_abap:75e:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2020-6270

Exploit prediction scoring system (EPSS) score for CVE-2020-6270

CVSS scores for CVE-2020-6270

CWE ids for CVE-2020-6270

References for CVE-2020-6270

Products affected by CVE-2020-6270