
CVE-2020-6215

2020-04-14 20:15:15
CWE-601
web.nvd.nist.gov
cve-2020-6215
sap
netweaver
as abap
business server pages
url redirection
nvd
vulnerability

CVSS2: 5.8 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3: 6.1 Medium

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.002 Low
Percentile: 54.1%

SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, insufficiently validates URLs, which allows an attacker to redirect users to a malicious site and steal the victim's credentials, resulting in a URL Redirection vulnerability.

Affected configurations

NVD
Node
sap netweaver_as_abap_business_server_pages Match 700
OR
sap netweaver_as_abap_business_server_pages Match 701
OR
sap netweaver_as_abap_business_server_pages Match 702
OR
sap netweaver_as_abap_business_server_pages Match 730
OR
sap netweaver_as_abap_business_server_pages Match 731
OR
sap netweaver_as_abap_business_server_pages Match 740
OR
sap netweaver_as_abap_business_server_pages Match 750
OR
sap netweaver_as_abap_business_server_pages Match 751
OR
sap netweaver_as_abap_business_server_pages Match 752
OR
sap netweaver_as_abap_business_server_pages Match 753
OR
sap netweaver_as_abap_business_server_pages Match 754

CNA Affected

[
  {
    "vendor": "SAP SE",
    "product": "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)",
    "versions": [
      {
        "version": "< 700",
        "status": "affected"
      },
      {
        "version": "< 701",
        "status": "affected"
      },
      {
        "version": "< 702",
        "status": "affected"
      },
      {
        "version": "< 730",
        "status": "affected"
      },
      {
        "version": "< 731",
        "status": "affected"
      },
      {
        "version": "< 740",
        "status": "affected"
      },
      {
        "version": "< 750",
        "status": "affected"
      },
      {
        "version": "< 751",
        "status": "affected"
      },
      {
        "version": "< 752",
        "status": "affected"
      },
      {
        "version": "< 753",
        "status": "affected"
      },
      {
        "version": "< 754",
        "status": "affected"
      }
    ]
  }
]
