Lucene search

[email protected]CVE-2020-6280

HistoryJul 14, 2020 - 1:15 p.m.

CVE-2020-6280

2020-07-1413:15:12

[email protected]

web.nvd.nist.gov

cve-2020-6280

sap

netweaver

abap server

abap platform

information disclosure

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

4.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

Affected configurations

NVD

Node

sapabap_platformMatch7.31

sapabap_platformMatch7.40

sapabap_platformMatch7.50

sapnetweaver_application_server_abapMatch731

sapnetweaver_application_server_abapMatch740

sapnetweaver_application_server_abapMatch750

CPENameOperatorVersion
sap:abap_platformsap abap platformeq7.31
sap:abap_platformsap abap platformeq7.40
sap:abap_platformsap abap platformeq7.50
sap:netweaver_application_server_abapsap netweaver application server abapeq731
sap:netweaver_application_server_abapsap netweaver application server abapeq740
sap:netweaver_application_server_abapsap netweaver application server abapeq750

CPE	Name	Operator	Version
sap:abap_platform	sap abap platform	eq	7.31
sap:abap_platform	sap abap platform	eq	7.40
sap:abap_platform	sap abap platform	eq	7.50
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	731
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	740
sap:netweaver_application_server_abap	sap netweaver application server abap	eq	750

CNA Affected

[
  {
    "product": "SAP NetWeaver (ABAP Server) and ABAP Platform",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 731"
      },
      {
        "status": "affected",
        "version": "< 740"
      },
      {
        "status": "affected",
        "version": "< 750"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2927373

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552599675

Social References

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

2.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

4.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for CVE-2020-6280

prion1 cvelist1 nvd1