CVE-2020-6310

Summary

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver (ABAP Server) and ABAP Platform< 702affected
SAP SESAP NetWeaver (ABAP Server) and ABAP Platform< 730affected
SAP SESAP NetWeaver (ABAP Server) and ABAP Platform< 731affected
SAP SESAP NetWeaver (ABAP Server) and ABAP Platform< 740affected
SAP SESAP NetWeaver (ABAP Server) and ABAP Platform< 750affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References