CVE-2020-6275
7.6
CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Netweaver AS ABAP | < 700 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 701 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 702 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 710 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 711 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 730 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 731 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 740 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 750 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 751 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 752 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 753 | affected |
| SAP SE | SAP Netweaver AS ABAP | < 754 | affected |
Weaknesses
- Server Side Request Forgery
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
- https://launchpad.support.sap.com/#/notes/2912939
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775
- https://launchpad.support.sap.com/#/notes/2912939
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.