CVE-2020-6309

Summary

SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11), does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS JAVA (ENGINEAPI)< 7.10affected
SAP SESAP NetWeaver AS JAVA (WSRM)< 7.10affected
SAP SESAP NetWeaver AS JAVA (WSRM)< 7.11affected
SAP SESAP NetWeaver AS JAVA (WSRM)< 7.20affected
SAP SESAP NetWeaver AS JAVA (WSRM)< 7.30affected
SAP SESAP NetWeaver AS JAVA (WSRM)< 7.31affected
SAP SESAP NetWeaver AS JAVA (WSRM)< 7.40affected
SAP SESAP NetWeaver AS JAVA (WSRM)< 7.50affected
SAP SESAP NetWeaver AS JAVA (J2EE-FRMW)< 7.10affected
SAP SESAP NetWeaver AS JAVA (J2EE-FRMW)< 7.11affected

Weaknesses

  • Missing Authentication check

ADP Enrichment

CVE Program Container

Additional References

References