CVE-2020-6307 - OpenCVE

Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sap	Basis

Configuration 1 [-]

OR	cpe:2.3:a:sap:basis:7.0:::::::*
	cpe:2.3:a:sap:basis:7.01:::::::*
	cpe:2.3:a:sap:basis:7.02:::::::*
	cpe:2.3:a:sap:basis:7.31:::::::*
	cpe:2.3:a:sap:basis:7.40:::::::*
	cpe:2.3:a:sap:basis:7.50:::::::*
	cpe:2.3:a:sap:basis:7.51:::::::*
	cpe:2.3:a:sap:basis:7.52:::::::*
	cpe:2.3:a:sap:basis:7.53:::::::*
	cpe:2.3:a:sap:basis:7.54:::::::*

No data.

References

Link	Providers
https://launchpad.support.sap.com/#/notes/2863397
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771

History

No history.

MITRE

Status: PUBLISHED

Assigner: sap

Published: 2020-01-14T17:52:59

Updated: 2024-08-04T08:55:22.405Z

Reserved: 2020-01-08T00:00:00

Link: CVE-2020-6307

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2020-01-14T18:15:12.180

Modified: 2021-07-21T11:39:23.747

Link: CVE-2020-6307

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Automated Note Search Tool (SAP Basis)", "vendor": "SAP SE", "versions": [{"status": "affected", "version": "< 7.0"}, {"status": "affected", "version": "< 7.01"}, {"status": "affected", "version": "< 7.02"}, {"status": "affected", "version": "< 7.31"}, {"status": "affected", "version": "< 7.4"}, {"status": "affected", "version": "< 7.5"}, {"status": "affected", "version": "< 7.51"}, {"status": "affected", "version": "< 7.52"}, {"status": "affected", "version": "< 7.53"}, {"status": "affected", "version": "< 7.54"}]}], "descriptions": [{"lang": "en", "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Missing Authorization Check", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-14T17:52:59", "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "shortName": "sap"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"}, {"tags": ["x_refsource_MISC"], "url": "https://launchpad.support.sap.com/#/notes/2863397"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cna@sap.com", "ID": "CVE-2020-6307", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Automated Note Search Tool (SAP Basis)", "version": {"version_data": [{"version_name": "<", "version_value": "7.0"}, {"version_name": "<", "version_value": "7.01"}, {"version_name": "<", "version_value": "7.02"}, {"version_name": "<", "version_value": "7.31"}, {"version_name": "<", "version_value": "7.4"}, {"version_name": "<", "version_value": "7.5"}, {"version_name": "<", "version_value": "7.51"}, {"version_name": "<", "version_value": "7.52"}, {"version_name": "<", "version_value": "7.53"}, {"version_name": "<", "version_value": "7.54"}]}}]}, "vendor_name": "SAP SE"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information."}]}, "impact": {"cvss": {"baseScore": "4.3", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Missing Authorization Check"}]}]}, "references": {"reference_data": [{"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771", "refsource": "CONFIRM", "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"}, {"name": "https://launchpad.support.sap.com/#/notes/2863397", "refsource": "MISC", "url": "https://launchpad.support.sap.com/#/notes/2863397"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T08:55:22.405Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://launchpad.support.sap.com/#/notes/2863397"}]}]}, "cveMetadata": {"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd", "assignerShortName": "sap", "cveId": "CVE-2020-6307", "datePublished": "2020-01-14T17:52:59", "dateReserved": "2020-01-08T00:00:00", "dateUpdated": "2024-08-04T08:55:22.405Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:basis:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "49E9E5C3-C582-4294-A33E-5B54EC5A1046", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.01:*:*:*:*:*:*:*", "matchCriteriaId": "D262D407-99E0-40B4-B57D-B8E693795368", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.02:*:*:*:*:*:*:*", "matchCriteriaId": "5048545D-7872-4EB9-AA97-557944999BB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.31:*:*:*:*:*:*:*", "matchCriteriaId": "1AC2D764-A795-4FBC-95AF-D212B8E51991", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.40:*:*:*:*:*:*:*", "matchCriteriaId": "B469CB1A-3AF3-4824-A185-A46A63DBABBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.50:*:*:*:*:*:*:*", "matchCriteriaId": "56852389-A9A8-42DB-A471-10C1990502FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.51:*:*:*:*:*:*:*", "matchCriteriaId": "594CB284-78FF-491F-BAF6-390E7D4D5DBE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.52:*:*:*:*:*:*:*", "matchCriteriaId": "F7ACA030-9C6A-47D3-A7D9-899753870241", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.53:*:*:*:*:*:*:*", "matchCriteriaId": "893979E3-40EB-4847-A39B-F548F3000F89", "vulnerable": true}, {"criteria": "cpe:2.3:a:sap:basis:7.54:*:*:*:*:*:*:*", "matchCriteriaId": "977F2126-AB92-47D0-B7D4-314D468AC497", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information."}, {"lang": "es", "value": "Automated Note Search Tool (actualizaci\u00f3n proporcionada en SAP Basis versiones 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 y 7.54), no realiza suficientes comprobaciones de autorizaci\u00f3n conllevando a la lectura de informaci\u00f3n confidencial."}], "id": "CVE-2020-6307", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-14T18:15:12.180", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://launchpad.support.sap.com/#/notes/2863397"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}]}