CVEs-PoC/2020/CVE-2020-6311.md

### [CVE-2020-6311](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6311)
![](https://img.shields.io/static/v1?label=Product&message=BANKING%20SERVICES%20FROM%20SAP%209.0(Bank%20Analyzer)&color=blue)
![](https://img.shields.io/static/v1?label=Product&message=S%2F4HANA%20FIN%20PROD%20SUBLDGR&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C100%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C500%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-285(Improper%20Authorization)&color=brighgreen)

### Description

Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial products subledger, version � 100, does not correctly perform necessary authorization checks for an authenticated user due to Improper Authorization checks, that may cause a system administrator to create incorrect authorization proposals. This may result in privilege escalation and may expose restricted banking data.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/404notf0und/CVE-Flow