CVE-2020-6263

Summary

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS JAVA< SAP-JEECOR 7.00affected
SAP SESAP NetWeaver AS JAVA< 7.01 SERVERCOR 7.10affected
SAP SESAP NetWeaver AS JAVA< 7.11affected
SAP SESAP NetWeaver AS JAVA< 7.20affected
SAP SESAP NetWeaver AS JAVA< 7.30affected
SAP SESAP NetWeaver AS JAVA< 7.31affected
SAP SESAP NetWeaver AS JAVA< 7.40affected
SAP SESAP NetWeaver AS JAVA< 7.50 CORE-TOOLS 7.00affected
SAP SESAP NetWeaver AS JAVA< 7.01affected
SAP SESAP NetWeaver AS JAVA< 7.02affected
SAP SESAP NetWeaver AS JAVA< 7.05affected
SAP SESAP NetWeaver AS JAVA< 7.10affected
SAP SESAP NetWeaver AS JAVA< 7.50affected

Weaknesses

  • Authentication Bypass

ADP Enrichment

CVE Program Container

Additional References

References