Description
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.
Affected Software
{"id": "CVE-2020-6263", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2020-6263", "description": "Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.", "published": "2020-06-10T13:15:00", "modified": "2021-07-21T11:39:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 7.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL"}, "exploitabilityScore": 3.9, "impactScore": 5.9}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6263", "reporter": "cna@sap.com", "references": ["https://launchpad.support.sap.com/#/notes/2878568", "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"], "cvelist": ["CVE-2020-6263"], "immutableFields": [], "lastseen": "2022-03-23T18:47:39", "viewCount": 15, "enchantments": {"dependencies": {}, "score": {"value": 4.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "talos", "idList": ["SAP"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}, {"name": "sap netweaver application server java", "version": 7}]}, "vulnersScore": 4.4}, "_state": {"dependencies": 1659878138, "score": 1659818015, "affected_software_major_version": 1671590614}, "_internal": {"score_hash": "35d087b50c6017cfff3cd61ad7c29925"}, "cna_cvss": {"cna": "SAP SE", "cvss": {"3": {"vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H", "score": 6.9}}}, "cpe": ["cpe:/a:sap:netweaver_application_server_java:7.02", "cpe:/a:sap:netweaver_application_server_java:7.10", "cpe:/a:sap:netweaver_application_server_java:7.00", "cpe:/a:sap:netweaver_application_server_java:7.11", "cpe:/a:sap:netweaver_application_server_java:7.20", "cpe:/a:sap:netweaver_application_server_java:7.30", "cpe:/a:sap:netweaver_application_server_java:7.40", "cpe:/a:sap:netweaver_application_server_java:7.50", "cpe:/a:sap:netweaver_application_server_java:7.01", "cpe:/a:sap:netweaver_application_server_java:7.05", "cpe:/a:sap:netweaver_application_server_java:7.31"], "cpe23": ["cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.02:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.00:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.05:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:*", "cpe:2.3:a:sap:netweaver_application_server_java:7.01:*:*:*:*:*:*:*"], "cwe": ["CWE-306"], "affectedSoftware": [{"cpeName": "sap:netweaver_application_server_java", "version": "7.00", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.01", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.02", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.05", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.10", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.11", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.20", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.30", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.31", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.40", "operator": "eq", "name": "sap netweaver application server java"}, {"cpeName": "sap:netweaver_application_server_java", "version": "7.50", "operator": "eq", "name": "sap netweaver application server java"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.00:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.01:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.02:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.05:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.10:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://launchpad.support.sap.com/#/notes/2878568", "name": "https://launchpad.support.sap.com/#/notes/2878568", "refsource": "MISC", "tags": ["Permissions Required"]}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775", "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775", "refsource": "MISC", "tags": ["Vendor Advisory"]}]}
{}