CVE-2020-6224

Summary

SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS Java (HTTP Service)< 7.10affected
SAP SESAP NetWeaver AS Java (HTTP Service)< 7.11affected
SAP SESAP NetWeaver AS Java (HTTP Service)< 7.20affected
SAP SESAP NetWeaver AS Java (HTTP Service)< 7.30affected
SAP SESAP NetWeaver AS Java (HTTP Service)< 7.31affected
SAP SESAP NetWeaver AS Java (HTTP Service)< 7.40affected
SAP SESAP NetWeaver AS Java (HTTP Service)< 7.50affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References