CVE-2020-6262
9.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Application Server ABAP (ST-PI) | < 2008_1_46C | affected |
| SAP SE | SAP Application Server ABAP (ST-PI) | < 2008_1_620 | affected |
| SAP SE | SAP Application Server ABAP (ST-PI) | < 2008_1_640 | affected |
| SAP SE | SAP Application Server ABAP (ST-PI) | < 2008_1_700 | affected |
| SAP SE | SAP Application Server ABAP (ST-PI) | < 2008_1_710 | affected |
| SAP SE | SAP Application Server ABAP (ST-PI) | < 740 | affected |
Weaknesses
- Code Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2835979
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2835979
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.