cnvd-2021-03707
Vulnerability from cnvd
Title
SAP ERP and SAP S/4 HANA Authorization Issue Vulnerability (CNVD-2021-03707)
Description
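SAP S/4 HANA and SAP ERP are both products of the German company SAP. SAP S/4 HANA is an intelligent, integrated ERP software suite for large enterprises. SAP ERP is a family of software for ERP management.
SAP ERP and SAP S/4 HANA contain an authorization issue vulnerability. The vulnerability allows an authenticated attacker to view cost records of objects in PS reports for which they are not authorized, resulting in a missing authorization check.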
Severity
Medium
Patch Name
Patch for the SAP ERP and SAP S/4 HANA Authorization Issue Vulnerability (CNVD-2021-03707)
Patch Description
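SAP S/4 HANA and SAP ERP are both products of the German company SAP. SAP S/4 HANA is an intelligent, integrated ERP software suite for large enterprises. SAP ERP is a family of software for ERP management.
SAP ERP and SAP S/4 HANA contain an authorization issue vulnerability. The vulnerability allows an authenticated attacker to view cost records of objects in PS reports for which they are not authorized, resulting in a missing authorization check. The vendor has now released a security advisory and related patch information that fix this vulnerability.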
Formal description
The vendor has released an upgrade patch to fix the vulnerability. Patch link: https://launchpad.support.sap.com/#/notes/2975170
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-6316
Impacted products
| Name |
|---|
| SAP SAP ERP 618 |
| SAP SAP S/4 HANA 100 |
| SAP SAP S/4 HANA 101 |
| SAP SAP S/4 HANA 102 |
| SAP SAP S/4 HANA 103 |
| SAP SAP S/4 HANA 104 |
| SAP SAP ERP 600 |
| SAP SAP ERP 602 |
| SAP SAP ERP 603 |
| SAP SAP ERP 604 |
| SAP SAP ERP 605 |
| SAP SAP ERP 606 |
| SAP SAP ERP 616 |
| SAP SAP ERP 617 |
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-6316",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-6316"
}
},
"description": "SAP S/4 HANA\u548cSAP ERP\u90fd\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SAP S/4 HANA\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u5927\u578b\u4f01\u4e1a\u7684\u667a\u80fd\u5316\u96c6\u6210\u5f0fERP\u8f6f\u4ef6\u3002SAP ERP\u662f\u4e00\u7cfb\u5217\u7528\u4e8eERP\u7ba1\u7406\u7684\u8f6f\u4ef6\u3002\n\nSAP ERP\u548cSAP S/4 HANA\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u67e5\u770b\u5176\u5728PS\u62a5\u544a\u4e2d\u672a\u80fd\u6388\u6743\u7684\u5bf9\u8c61\u7684\u6210\u672c\u8bb0\u5f55\uff0c\u4ece\u800c\u5bfc\u81f4\u7f3a\u5c11\u6388\u6743\u68c0\u67e5\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://launchpad.support.sap.com/#/notes/2975170",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-03707",
"openTime": "2021-01-18",
"patchDescription": "SAP S/4 HANA\u548cSAP ERP\u90fd\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002SAP S/4 HANA\u662f\u4e00\u6b3e\u9002\u7528\u4e8e\u5927\u578b\u4f01\u4e1a\u7684\u667a\u80fd\u5316\u96c6\u6210\u5f0fERP\u8f6f\u4ef6\u3002SAP ERP\u662f\u4e00\u7cfb\u5217\u7528\u4e8eERP\u7ba1\u7406\u7684\u8f6f\u4ef6\u3002\r\n\r\nSAP ERP\u548cSAP S/4 HANA\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u67e5\u770b\u5176\u5728PS\u62a5\u544a\u4e2d\u672a\u80fd\u6388\u6743\u7684\u5bf9\u8c61\u7684\u6210\u672c\u8bb0\u5f55\uff0c\u4ece\u800c\u5bfc\u81f4\u7f3a\u5c11\u6388\u6743\u68c0\u67e5\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "SAP ERP\u548cSAP S/4 HANA\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2021-03707\uff09\u7684\u8865\u4e01",
"products": {
"product": [
"SAP SAP ERP 618",
"SAP SAP S/4 HANA 100",
"SAP SAP S/4 HANA 101",
"SAP SAP S/4 HANA 102",
"SAP SAP S/4 HANA 103",
"SAP SAP S/4 HANA 104",
"SAP SAP ERP 600",
"SAP SAP ERP 602",
"SAP SAP ERP 603",
"SAP SAP ERP 604",
"SAP SAP ERP 605",
"SAP SAP ERP 606",
"SAP SAP ERP 616",
"SAP SAP ERP 617"
]
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-6316",
"serverity": "\u4e2d",
"submitTime": "2020-12-10",
"title": "SAP ERP\u548cSAP S/4 HANA\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2021-03707\uff09"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.