CVE-2020-6240

Summary

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_UI)< 750affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_UI)< 752affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_UI)< 753affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_UI)< 754affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS)< 700affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS)< 710affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS)< 730affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS)< 731affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro ABAP) (SAP_BASIS)< 804affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References