{"containers":{"cna":{"affected":[{"product":"Automated Note Search Tool (SAP Basis)","vendor":"SAP SE","versions":[{"status":"affected","version":"< 7.0"},{"status":"affected","version":"< 7.01"},{"status":"affected","version":"< 7.02"},{"status":"affected","version":"< 7.31"},{"status":"affected","version":"< 7.4"},{"status":"affected","version":"< 7.5"},{"status":"affected","version":"< 7.51"},{"status":"affected","version":"< 7.52"},{"status":"affected","version":"< 7.53"},{"status":"affected","version":"< 7.54"}]}],"descriptions":[{"lang":"en","value":"Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Missing Authorization Check","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-01-14T17:52:59.000Z","orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"},{"tags":["x_refsource_MISC"],"url":"https://launchpad.support.sap.com/#/notes/2863397"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cna@sap.com","ID":"CVE-2020-6307","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Automated Note Search Tool (SAP Basis)","version":{"version_data":[{"version_name":"<","version_value":"7.0"},{"version_name":"<","version_value":"7.01"},{"version_name":"<","version_value":"7.02"},{"version_name":"<","version_value":"7.31"},{"version_name":"<","version_value":"7.4"},{"version_name":"<","version_value":"7.5"},{"version_name":"<","version_value":"7.51"},{"version_name":"<","version_value":"7.52"},{"version_name":"<","version_value":"7.53"},{"version_name":"<","version_value":"7.54"}]}}]},"vendor_name":"SAP SE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7.02, 7.31, 7.4, 7.5, 7.51, 7.52, 7.53 and 7.54) does not perform sufficient authorization checks leading to the reading of sensitive information."}]},"impact":{"cvss":{"baseScore":"4.3","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Missing Authorization Check"}]}]},"references":{"reference_data":[{"name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771","refsource":"CONFIRM","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"},{"name":"https://launchpad.support.sap.com/#/notes/2863397","refsource":"MISC","url":"https://launchpad.support.sap.com/#/notes/2863397"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T08:55:22.405Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://launchpad.support.sap.com/#/notes/2863397"}]}]},"cveMetadata":{"assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","assignerShortName":"sap","cveId":"CVE-2020-6307","datePublished":"2020-01-14T17:52:59.000Z","dateReserved":"2020-01-08T00:00:00.000Z","dateUpdated":"2024-08-04T08:55:22.405Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}