CVE-2020-6214 is a vulnerability in SAP S4hana
Published on April 14, 2020
SAP S/4HANA (Financial Products Subledger), version 100, uses an incorrect authorization object in some reports. Although the affected reports are protected with other authorization objects, exploitation of the vulnerability would allow an authenticated attacker to view, change, or delete data, thereby preventing the proper segregation of duties in the system.
Weakness Type
What is an AuthZ Vulnerability?
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
CVE-2020-6214 has been classified to as an AuthZ vulnerability or weakness.
Products Associated with CVE-2020-6214
Want to know whenever a new CVE is published for SAP S4hana? stack.watch will email you.
Affected Versions
SAP SE SAP S/4HANA (Financial Products Subledger) Version < 100 is affected by CVE-2020-6214Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.