CVE-2020-6224
4.5
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Summary
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | < 7.10 | affected |
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | < 7.11 | affected |
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | < 7.20 | affected |
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | < 7.30 | affected |
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | < 7.31 | affected |
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | < 7.40 | affected |
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | < 7.50 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
- https://launchpad.support.sap.com/#/notes/2826528
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
- https://launchpad.support.sap.com/#/notes/2826528
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.