CVE-2020-6320
9.6
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Summary
SAP Marketing (Servlet), version-130,140,150, allows an authenticated attacker to invoke certain functions that are restricted. Limited knowledge of payload is required for an attacker to exploit the vulnerability and perform tasks related to contact and interaction data which impacts Confidentiality and Integrity of data in the application.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Marketing (Mobile Channel Servlet) | < 130 | affected |
| SAP SE | SAP Marketing (Mobile Channel Servlet) | < 140 | affected |
| SAP SE | SAP Marketing (Mobile Channel Servlet) | < 150 | affected |
Weaknesses
- Improper Access Control
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
- https://launchpad.support.sap.com/#/notes/2961991
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
- https://launchpad.support.sap.com/#/notes/2961991
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.