2020-01-08 14:01:06 +00:00
{
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
"CVE_data_meta" : {
"ID" : "CVE-2020-6258" ,
2020-05-12 18:01:27 +00:00
"ASSIGNER" : "cna@sap.com" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "SAP SE" ,
"product" : {
"product_data" : [
{
"product_name" : "SAP Identity Management" ,
"version" : {
"version_data" : [
{
"version_name" : "<" ,
"version_value" : "8.0"
}
]
}
}
]
}
}
]
}
2020-01-08 14:01:06 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2020-05-12 18:01:27 +00:00
"value" : "SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check."
}
]
} ,
"impact" : {
"cvss" : {
"baseScore" : "4.3" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
"version" : "3.0"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Missing Authorization Check"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222" ,
"refsource" : "MISC" ,
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222"
} ,
{
"url" : "https://launchpad.support.sap.com/#/notes/2915429" ,
"refsource" : "MISC" ,
"name" : "https://launchpad.support.sap.com/#/notes/2915429"
2020-01-08 14:01:06 +00:00
}
]
}
}
