CVE-2020-6320

Summary

SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Marketing (Mobile Channel Servlet)< 130affected
SAP SESAP Marketing (Mobile Channel Servlet)< 140affected
SAP SESAP Marketing (Mobile Channel Servlet)< 150affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References