cvelistv5 - cve-2020-6204

CVE-2020-6204 (GCVE-0-2020-6204)

Vulnerability from cvelistv5

Published

2020-03-10 20:20

Modified

2024-08-04 08:55

Severity ?

4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE

Missing Authorization Check

Summary

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.

References

URL

Tags

cna@sap.com	https://launchpad.support.sap.com/#/notes/2841874	Permissions Required
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2841874	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305	Vendor Advisory

Impacted products

Vendor

Product

Version

SAP SE

SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)

Version: < 600
Version: < 603
Version: < 604
Version: < 605
Version: < 606
Version: < 616
Version: < 617
Version: < 618
Version: < 800

SAP SE

SAP Treasury and Risk Management (Transaction Management) (S4CORE)

Version: < 101
Version: < 102
Version: < 103
Version: < 104

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:22.119Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2841874"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 600"
            },
            {
              "status": "affected",
              "version": "\u003c 603"
            },
            {
              "status": "affected",
              "version": "\u003c 604"
            },
            {
              "status": "affected",
              "version": "\u003c 605"
            },
            {
              "status": "affected",
              "version": "\u003c 606"
            },
            {
              "status": "affected",
              "version": "\u003c 616"
            },
            {
              "status": "affected",
              "version": "\u003c 617"
            },
            {
              "status": "affected",
              "version": "\u003c 618"
            },
            {
              "status": "affected",
              "version": "\u003c 800"
            }
          ]
        },
        {
          "product": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 101"
            },
            {
              "status": "affected",
              "version": "\u003c 102"
            },
            {
              "status": "affected",
              "version": "\u003c 103"
            },
            {
              "status": "affected",
              "version": "\u003c 104"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Missing Authorization Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-10T20:20:12",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2841874"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6204",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "600"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "603"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "604"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "605"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "606"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "616"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "617"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "618"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "800"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "101"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "102"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "103"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "104"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "4.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Missing Authorization Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2841874",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2841874"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-6204",
    "datePublished": "2020-03-10T20:20:12",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T08:55:22.119Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-6204\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2020-03-10T21:15:14.527\",\"lastModified\":\"2024-11-21T05:35:17.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.\"},{\"lang\":\"es\",\"value\":\"La consulta de selecci\u00f3n en SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versiones 600, 603, 604, 605, 606, 616, 617, 618, 800 y S4CORE versiones 101, 102, 103, 104), devuelve m\u00e1s registros de los que deber\u00edan ser cuando selecciona y despliega el n\u00famero de contrato, conllevando a una Falta de Comprobaci\u00f3n de Autorizaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV30\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:N/A:N\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):600:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7EFF8EC8-0C4E-4D93-AECF-6711B470FB54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):603:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F10EBDE7-0EEE-42E1-A860-ECE0B606D385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):604:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39437BF7-3C69-43E3-8EFA-EAED49704543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):605:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"447929D0-5FF0-44EC-99B4-A0A6F3D098AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):606:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5085EED2-349E-42D2-A5AE-0F307D43C774\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):616:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4495C9D-8489-4FC1-94F6-84D203F9B388\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):617:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"66AC9F3C-5CE8-4036-9970-5BF9A09C3E06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):618:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA62E740-4F8D-4E34-8FFE-AA341963308F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(ea-finserv\\\\):800:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"349C577E-7966-41CE-A116-4CF9EE47D3D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E21EE73-34F2-4D1C-8C6F-0B0489C049F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):102:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B1E8180-D2BB-423C-84BC-CA738F61C518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):103:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"215CC44C-D4EA-4CAF-946B-5109790F6636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:treasury_and_risk_management_\\\\(s4core\\\\):104:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A389AB7-2487-4AEA-BDA3-3E8CC7BB163F\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2841874\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2841874\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

gsd-2020-6204

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2020-6204

Aliases

CVE-2020-6204

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6204",
    "description": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.",
    "id": "GSD-2020-6204"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6204"
      ],
      "details": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.",
      "id": "GSD-2020-6204",
      "modified": "2023-12-13T01:21:55.370526Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2020-6204",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "600"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "603"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "604"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "605"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "606"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "616"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "617"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "618"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "800"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "SAP Treasury and Risk Management (Transaction Management) (S4CORE)",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "101"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "102"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "103"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "104"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "4.3",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Missing Authorization Check"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2841874",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2841874"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):600:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):603:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):604:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):605:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):606:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):616:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):617:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):618:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):800:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):101:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):102:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):103:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):104:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6204"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2841874",
              "refsource": "MISC",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2841874"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 1.4
        }
      },
      "lastModifiedDate": "2020-03-12T16:15Z",
      "publishedDate": "2020-03-10T21:15Z"
    }
  }
}

fkie_cve-2020-6204

Vulnerability from fkie_nvd

Published

2020-03-10 21:15

Modified

2024-11-21 05:35

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/2841874	Permissions Required
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2841874	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	treasury_and_risk_management_\(ea-finserv\)	600
sap	treasury_and_risk_management_\(ea-finserv\)	603
sap	treasury_and_risk_management_\(ea-finserv\)	604
sap	treasury_and_risk_management_\(ea-finserv\)	605
sap	treasury_and_risk_management_\(ea-finserv\)	606
sap	treasury_and_risk_management_\(ea-finserv\)	616
sap	treasury_and_risk_management_\(ea-finserv\)	617
sap	treasury_and_risk_management_\(ea-finserv\)	618
sap	treasury_and_risk_management_\(ea-finserv\)	800
sap	treasury_and_risk_management_\(s4core\)	101
sap	treasury_and_risk_management_\(s4core\)	102
sap	treasury_and_risk_management_\(s4core\)	103
sap	treasury_and_risk_management_\(s4core\)	104

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):600:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFF8EC8-0C4E-4D93-AECF-6711B470FB54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):603:*:*:*:*:*:*:*",
              "matchCriteriaId": "F10EBDE7-0EEE-42E1-A860-ECE0B606D385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):604:*:*:*:*:*:*:*",
              "matchCriteriaId": "39437BF7-3C69-43E3-8EFA-EAED49704543",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):605:*:*:*:*:*:*:*",
              "matchCriteriaId": "447929D0-5FF0-44EC-99B4-A0A6F3D098AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):606:*:*:*:*:*:*:*",
              "matchCriteriaId": "5085EED2-349E-42D2-A5AE-0F307D43C774",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):616:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4495C9D-8489-4FC1-94F6-84D203F9B388",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):617:*:*:*:*:*:*:*",
              "matchCriteriaId": "66AC9F3C-5CE8-4036-9970-5BF9A09C3E06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):618:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA62E740-4F8D-4E34-8FFE-AA341963308F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(ea-finserv\\):800:*:*:*:*:*:*:*",
              "matchCriteriaId": "349C577E-7966-41CE-A116-4CF9EE47D3D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):101:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E21EE73-34F2-4D1C-8C6F-0B0489C049F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):102:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1E8180-D2BB-423C-84BC-CA738F61C518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):103:*:*:*:*:*:*:*",
              "matchCriteriaId": "215CC44C-D4EA-4CAF-946B-5109790F6636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:treasury_and_risk_management_\\(s4core\\):104:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A389AB7-2487-4AEA-BDA3-3E8CC7BB163F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check."
    },
    {
      "lang": "es",
      "value": "La consulta de selecci\u00f3n en SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV versiones 600, 603, 604, 605, 606, 616, 617, 618, 800 y S4CORE versiones 101, 102, 103, 104), devuelve m\u00e1s registros de los que deber\u00edan ser cuando selecciona y despliega el n\u00famero de contrato, conllevando a una Falta de Comprobaci\u00f3n de Autorizaci\u00f3n."
    }
  ],
  "id": "CVE-2020-6204",
  "lastModified": "2024-11-21T05:35:17.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "cna@sap.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-10T21:15:14.527",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2841874"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2841874"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-whqr-v2xf-6j78

Vulnerability from github

Published

2022-05-24 17:10

Modified

2024-04-04 02:49

Severity ?

4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6204"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-03-10T21:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.",
  "id": "GHSA-whqr-v2xf-6j78",
  "modified": "2024-04-04T02:49:05Z",
  "published": "2022-05-24T17:10:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6204"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2841874"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

CERTFR-2020-AVI-140

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver Application Server Java (User Management Engine) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP BusinessObjects Mobile (MobileBIService) version 4.2
SAP	N/A	SAP ERP (EAPPGLO) version 607
SAP	N/A	SAP Solution Manager (Diagnostics Agent) version 7.2
SAP	N/A	SAP Business Objects Business Intelligence Platform (Crystal Reports) versions 4.1 et 4.2
SAP	N/A	SAP Fiori Launchpad versions 753 et 754
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP Disclosure Management version 10.1
SAP	Commerce Cloud	SAP Commerce Cloud (SmartEdit Extension) versions - 6.6, 6.7, 1808 et 1811
SAP	N/A	SAP Treasury and Risk Management (Transaction Management) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618, 800, S4CORE 101, 102, 103 et 104
SAP	N/A	SAP NetWeaver AS ABAP Business Server Pages (Smart Forms) - SAP_BASIS versions 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52,
SAP	Commerce Cloud	SAP Commerce Cloud (Testweb Extension) versions 6.6, 6.7, 1808, 1811 et 1905
SAP	N/A	SAP Cloud Platform Integration for Data Services version 1.0
SAP	N/A	SAP NetWeaver UDDI Server (Services Registry) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	.53 et 7.54
SAP	N/A	SAP Solution Manager (User Experience Monitoring) version 7.2
SAP	N/A	SAP Enable Now versions antérieures à 1908
SAP	N/A	SAP MaxDB (liveCache) versions 7.8 et 7.9
SAP	N/A	SAP Enable Now versions antérieures à 1911

References

Title

Publication Time

cnvd-2020-29735

Vulnerability from cnvd

Title

SAP Treasury and Risk Management信息泄露漏洞

Description

SAP Treasury and Risk Management（TRM）是德国思爱普（SAP）公司的一套财务和风险管理解决方案。该产品主要用于分析和优化公司财务领域的业务流程。 SAP TRM中存在安全漏洞。攻击者可利用该漏洞获取敏感信息。

Severity

中

Patch Name

SAP Treasury and Risk Management信息泄露漏洞的补丁

Patch Description

SAP Treasury and Risk Management（TRM）是德国思爱普（SAP）公司的一套财务和风险管理解决方案。该产品主要用于分析和优化公司财务领域的业务流程。 SAP TRM中存在安全漏洞。攻击者可利用该漏洞获取敏感信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-6204

Impacted products

Name
['SAP Treasury and Risk Management (EA-FINSERV) 600', 'SAP Treasury and Risk Management (EA-FINSERV) 603', 'SAP Treasury and Risk Management (EA-FINSERV) 604', 'SAP Treasury and Risk Management (EA-FINSERV) 605', 'SAP Treasury and Risk Management (EA-FINSERV) 606', 'SAP Treasury and Risk Management (EA-FINSERV) 616', 'SAP Treasury and Risk Management (EA-FINSERV) 617', 'SAP Treasury and Risk Management (EA-FINSERV) 618', 'SAP Treasury and Risk Management (EA-FINSERV) 800', 'SAP SAP Treasury and Risk Management (S4CORE) 101', 'SAP SAP Treasury and Risk Management (S4CORE) 102', 'SAP SAP Treasury and Risk Management (S4CORE) 103', 'SAP SAP Treasury and Risk Management (S4CORE) 104']

Name

['SAP Treasury and Risk Management (EA-FINSERV) 600', 'SAP Treasury and Risk Management (EA-FINSERV) 603', 'SAP Treasury and Risk Management (EA-FINSERV) 604', 'SAP Treasury and Risk Management (EA-FINSERV) 605', 'SAP Treasury and Risk Management (EA-FINSERV) 606', 'SAP Treasury and Risk Management (EA-FINSERV) 616', 'SAP Treasury and Risk Management (EA-FINSERV) 617', 'SAP Treasury and Risk Management (EA-FINSERV) 618', 'SAP Treasury and Risk Management (EA-FINSERV) 800', 'SAP SAP Treasury and Risk Management (S4CORE) 101', 'SAP SAP Treasury and Risk Management (S4CORE) 102', 'SAP SAP Treasury and Risk Management (S4CORE) 103', 'SAP SAP Treasury and Risk Management (S4CORE) 104']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6204"
    }
  },
  "description": "SAP Treasury and Risk Management\uff08TRM\uff09\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u8d22\u52a1\u548c\u98ce\u9669\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u5206\u6790\u548c\u4f18\u5316\u516c\u53f8\u8d22\u52a1\u9886\u57df\u7684\u4e1a\u52a1\u6d41\u7a0b\u3002\n\nSAP TRM\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-29735",
  "openTime": "2020-05-25",
  "patchDescription": "SAP Treasury and Risk Management\uff08TRM\uff09\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u8d22\u52a1\u548c\u98ce\u9669\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u4e3b\u8981\u7528\u4e8e\u5206\u6790\u548c\u4f18\u5316\u516c\u53f8\u8d22\u52a1\u9886\u57df\u7684\u4e1a\u52a1\u6d41\u7a0b\u3002\r\n\r\nSAP TRM\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Treasury and Risk Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP Treasury and Risk Management (EA-FINSERV) 600",
      "SAP Treasury and Risk Management (EA-FINSERV) 603",
      "SAP Treasury and Risk Management (EA-FINSERV) 604",
      "SAP Treasury and Risk Management (EA-FINSERV) 605",
      "SAP Treasury and Risk Management (EA-FINSERV) 606",
      "SAP Treasury and Risk Management (EA-FINSERV) 616",
      "SAP Treasury and Risk Management (EA-FINSERV) 617",
      "SAP Treasury and Risk Management (EA-FINSERV) 618",
      "SAP Treasury and Risk Management (EA-FINSERV) 800",
      "SAP SAP Treasury and Risk Management (S4CORE) 101",
      "SAP SAP Treasury and Risk Management (S4CORE) 102",
      "SAP SAP Treasury and Risk Management (S4CORE) 103",
      "SAP SAP Treasury and Risk Management (S4CORE) 104"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-6204",
  "serverity": "\u4e2d",
  "submitTime": "2020-03-12",
  "title": "SAP Treasury and Risk Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2020-6204 (GCVE-0-2020-6204)

Vulnerability from cvelistv5

gsd-2020-6204

Vulnerability from gsd

fkie_cve-2020-6204

Vulnerability from fkie_nvd

ghsa-whqr-v2xf-6j78

Vulnerability from github

CERTFR-2020-AVI-140

Vulnerability from certfr_avis

Solution

cnvd-2020-29735

Vulnerability from cnvd

Tags

Sightings

Nomenclature