Lucene search

[email protected]CVE-2020-6215

HistoryApr 14, 2020 - 8:15 p.m.

CVE-2020-6215

2020-04-1420:15:15

CWE-601

[email protected]

web.nvd.nist.gov

cve-2020-6215

sap

netweaver

as abap

business server pages

url redirection

nvd

vulnerability

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

54.1%

JSON

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.

Affected configurations

NVD

Node

sapnetweaver_as_abap_business_server_pagesMatch700

sapnetweaver_as_abap_business_server_pagesMatch701

sapnetweaver_as_abap_business_server_pagesMatch702

sapnetweaver_as_abap_business_server_pagesMatch730

sapnetweaver_as_abap_business_server_pagesMatch731

sapnetweaver_as_abap_business_server_pagesMatch740

sapnetweaver_as_abap_business_server_pagesMatch750

sapnetweaver_as_abap_business_server_pagesMatch751

sapnetweaver_as_abap_business_server_pagesMatch752

sapnetweaver_as_abap_business_server_pagesMatch753

sapnetweaver_as_abap_business_server_pagesMatch754

CPENameOperatorVersion
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq700
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq701
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq702
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq730
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq731
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq740
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq750
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq751
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq752
sap:netweaver_as_abap_business_server_pagessap netweaver as abap business server pageseq753

CPE	Name	Operator	Version
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	700
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	701
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	702
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	730
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	731
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	740
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	750
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	751
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	752
sap:netweaver_as_abap_business_server_pages	sap netweaver as abap business server pages	eq	753

Rows per page:

1-10 of 111

CNA Affected

[
  {
    "vendor": "SAP SE",
    "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)",
    "versions": [
      {
        "version": "< 700",
        "status": "affected"
      },
      {
        "version": "< 701",
        "status": "affected"
      },
      {
        "version": "< 702",
        "status": "affected"
      },
      {
        "version": "< 730",
        "status": "affected"
      },
      {
        "version": "< 731",
        "status": "affected"
      },
      {
        "version": "< 740",
        "status": "affected"
      },
      {
        "version": "< 750",
        "status": "affected"
      },
      {
        "version": "< 751",
        "status": "affected"
      },
      {
        "version": "< 752",
        "status": "affected"
      },
      {
        "version": "< 753",
        "status": "affected"
      },
      {
        "version": "< 754",
        "status": "affected"
      }
    ]
  }
]

References

packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html

seclists.org/fulldisclosure/2023/Oct/13

launchpad.support.sap.com/#/notes/2872782

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.002 Low

EPSS

Percentile

54.1%

JSON

Related for CVE-2020-6215

cvelist1 nessus1 prion1 nvd1 packetstorm1