2020-01-08 14:01:06 +00:00
{
"data_type" : "CVE" ,
"data_format" : "MITRE" ,
"data_version" : "4.0" ,
"CVE_data_meta" : {
"ID" : "CVE-2020-6307" ,
2020-01-14 18:01:05 +00:00
"ASSIGNER" : "cna@sap.com" ,
"STATE" : "PUBLIC"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"vendor_name" : "SAP SE" ,
"product" : {
"product_data" : [
{
"product_name" : "Automated Note Search Tool (SAP Basis)" ,
"version" : {
"version_data" : [
{
"version_name" : "<" ,
"version_value" : "7.0"
} ,
{
"version_name" : "<" ,
"version_value" : "7.01"
} ,
{
"version_name" : "<" ,
"version_value" : "7.02"
} ,
{
"version_name" : "<" ,
"version_value" : "7.31"
} ,
{
"version_name" : "<" ,
"version_value" : "7.4"
} ,
{
"version_name" : "<" ,
"version_value" : "7.5"
} ,
{
"version_name" : "<" ,
"version_value" : "7.51"
} ,
{
"version_name" : "<" ,
"version_value" : "7.52"
} ,
{
"version_name" : "<" ,
"version_value" : "7.53"
} ,
{
"version_name" : "<" ,
"version_value" : "7.54"
}
]
}
}
]
}
}
]
}
2020-01-08 14:01:06 +00:00
} ,
"description" : {
"description_data" : [
{
"lang" : "eng" ,
2020-01-14 18:01:05 +00:00
"value" : "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information."
}
]
} ,
"impact" : {
"cvss" : {
"baseScore" : "4.3" ,
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" ,
"version" : "3.0"
}
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "Missing Authorization Check"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"refsource" : "CONFIRM" ,
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771" ,
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"
} ,
{
"url" : "https://launchpad.support.sap.com/#/notes/2863397" ,
"refsource" : "MISC" ,
"name" : "https://launchpad.support.sap.com/#/notes/2863397"
2020-01-08 14:01:06 +00:00
}
]
}
}
