CVE-2020-6307
Summary
| CVE | CVE-2020-6307 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-01-14 18:15:00 UTC |
| Updated | 2021-07-21 11:39:00 UTC |
| Description | Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information. |
Risk And Classification
Problem Types: CWE-863
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Basis | 7.0 | All | All | All |
| Application | Sap | Basis | 7.01 | All | All | All |
| Application | Sap | Basis | 7.02 | All | All | All |
| Application | Sap | Basis | 7.31 | All | All | All |
| Application | Sap | Basis | 7.40 | All | All | All |
| Application | Sap | Basis | 7.50 | All | All | All |
| Application | Sap | Basis | 7.51 | All | All | All |
| Application | Sap | Basis | 7.52 | All | All | All |
| Application | Sap | Basis | 7.53 | All | All | All |
| Application | Sap | Basis | 7.54 | All | All | All |
| Application | Sap | Basis | 7.0 | All | All | All |
| Application | Sap | Basis | 7.01 | All | All | All |
| Application | Sap | Basis | 7.02 | All | All | All |
| Application | Sap | Basis | 7.31 | All | All | All |
| Application | Sap | Basis | 7.40 | All | All | All |
| Application | Sap | Basis | 7.50 | All | All | All |
| Application | Sap | Basis | 7.51 | All | All | All |
| Application | Sap | Basis | 7.52 | All | All | All |
| Application | Sap | Basis | 7.53 | All | All | All |
| Application | Sap | Basis | 7.54 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SAP Security Patch Day – January 2020 - Product Security Response at SAP - Community Wiki | CONFIRM | wiki.scn.sap.com | Vendor Advisory |
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.