CVE-2020-6262

Summary

Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Application Server ABAP (ST-PI)< 2008_1_46Caffected
SAP SESAP Application Server ABAP (ST-PI)< 2008_1_620affected
SAP SESAP Application Server ABAP (ST-PI)< 2008_1_640affected
SAP SESAP Application Server ABAP (ST-PI)< 2008_1_700affected
SAP SESAP Application Server ABAP (ST-PI)< 2008_1_710affected
SAP SESAP Application Server ABAP (ST-PI)< 740affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

References