Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6275

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.

Published

2020-06-10T13:15:18.667

Last Modified

2024-11-21T05:35:25.340

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-918
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver_application_server_abap 700 Yes
Application sap netweaver_application_server_abap 701 Yes
Application sap netweaver_application_server_abap 702 Yes
Application sap netweaver_application_server_abap 710 Yes
Application sap netweaver_application_server_abap 711 Yes
Application sap netweaver_application_server_abap 730 Yes
Application sap netweaver_application_server_abap 731 Yes
Application sap netweaver_application_server_abap 740 Yes
Application sap netweaver_application_server_abap 750 Yes
Application sap netweaver_application_server_abap 751 Yes
Application sap netweaver_application_server_abap 752 Yes
Application sap netweaver_application_server_abap 753 Yes
Application sap netweaver_application_server_abap 754 Yes
References