Vulnerability Details CVE-2020-6270
SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.6%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
Products affected by CVE-2020-6270
-
cpe:2.3:a:sap:netweaver_application_server_abap:710
-
cpe:2.3:a:sap:netweaver_application_server_abap:711
-
cpe:2.3:a:sap:netweaver_application_server_abap:740
-
cpe:2.3:a:sap:netweaver_application_server_abap:750
-
cpe:2.3:a:sap:netweaver_application_server_abap:751
-
cpe:2.3:a:sap:netweaver_application_server_abap:752
-
cpe:2.3:a:sap:netweaver_application_server_abap:75a
-
cpe:2.3:a:sap:netweaver_application_server_abap:75b
-
cpe:2.3:a:sap:netweaver_application_server_abap:75c
-
cpe:2.3:a:sap:netweaver_application_server_abap:75d
-
cpe:2.3:a:sap:netweaver_application_server_abap:75e