CVE-2020-6190
5.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Summary
Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS Java (Heap Dump Application) | = 7.30 | affected |
| SAP SE | SAP NetWeaver AS Java (Heap Dump Application) | = 7.31 | affected |
| SAP SE | SAP NetWeaver AS Java (Heap Dump Application) | = 7.40 | affected |
| SAP SE | SAP NetWeaver AS Java (Heap Dump Application) | = 7.50 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
- https://launchpad.support.sap.com/#/notes/2838835
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
- https://launchpad.support.sap.com/#/notes/2838835
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.