Lucene search

[email protected]NVD:CVE-2020-6310

HistoryAug 12, 2020 - 2:15 p.m.

CVE-2020-6310

2020-08-1214:15:14

[email protected]

web.nvd.nist.gov

sap netweaver

abap server

abap platform

access control

user enumeration

information disclosure

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

Affected configurations

Nvd

Node

sapabap_platformMatch7.31

sapabap_platformMatch7.40

sapabap_platformMatch7.50

sapabap_platformMatch700

sapabap_platformMatch701

sapabap_platformMatch702

sapabap_platformMatch710

sapabap_platformMatch711

sapabap_platformMatch751

sapabap_platformMatch753

sapabap_platformMatch755

sapnetweaver_application_server_abapMatch700

sapnetweaver_application_server_abapMatch701

sapnetweaver_application_server_abapMatch702

sapnetweaver_application_server_abapMatch710

sapnetweaver_application_server_abapMatch711

sapnetweaver_application_server_abapMatch731

sapnetweaver_application_server_abapMatch740

sapnetweaver_application_server_abapMatch750

sapnetweaver_application_server_abapMatch751

sapnetweaver_application_server_abapMatch753

sapnetweaver_application_server_abapMatch755

VendorProductVersionCPE
sapabap_platform7.31cpe:2.3:a:sap:abap_platform:7.31:*:*:*:*:*:*:*
sapabap_platform7.40cpe:2.3:a:sap:abap_platform:7.40:*:*:*:*:*:*:*
sapabap_platform7.50cpe:2.3:a:sap:abap_platform:7.50:*:*:*:*:*:*:*
sapabap_platform700cpe:2.3:a:sap:abap_platform:700:*:*:*:*:*:*:*
sapabap_platform701cpe:2.3:a:sap:abap_platform:701:*:*:*:*:*:*:*
sapabap_platform702cpe:2.3:a:sap:abap_platform:702:*:*:*:*:*:*:*
sapabap_platform710cpe:2.3:a:sap:abap_platform:710:*:*:*:*:*:*:*
sapabap_platform711cpe:2.3:a:sap:abap_platform:711:*:*:*:*:*:*:*
sapabap_platform751cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:*
sapabap_platform753cpe:2.3:a:sap:abap_platform:753:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	abap_platform	7.31	cpe:2.3:a:sap:abap_platform:7.31:::::::*
sap	abap_platform	7.40	cpe:2.3:a:sap:abap_platform:7.40:::::::*
sap	abap_platform	7.50	cpe:2.3:a:sap:abap_platform:7.50:::::::*
sap	abap_platform	700	cpe:2.3:a:sap:abap_platform:700:::::::*
sap	abap_platform	701	cpe:2.3:a:sap:abap_platform:701:::::::*
sap	abap_platform	702	cpe:2.3:a:sap:abap_platform:702:::::::*
sap	abap_platform	710	cpe:2.3:a:sap:abap_platform:710:::::::*
sap	abap_platform	711	cpe:2.3:a:sap:abap_platform:711:::::::*
sap	abap_platform	751	cpe:2.3:a:sap:abap_platform:751:::::::*
sap	abap_platform	753	cpe:2.3:a:sap:abap_platform:753:::::::*

Rows per page:

1-10 of 221

References

launchpad.support.sap.com/#/notes/2944988

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

AI Score

4.5

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for NVD:CVE-2020-6310

cve1 cvelist1 prion1