Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2020-6318
HistorySep 09, 2020 - 1:15 p.m.

CVE-2020-6318

2020-09-0913:15:12
CWE-94
[email protected]
web.nvd.nist.gov
23
2
sap
netweaver
abap server
code injection
remote code execution
vulnerability
nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.

Affected configurations

NVD
Node
sapabap_platformMatch700
OR
sapabap_platformMatch701
OR
sapabap_platformMatch702
OR
sapabap_platformMatch710
OR
sapabap_platformMatch711
OR
sapabap_platformMatch730
OR
sapabap_platformMatch731
OR
sapabap_platformMatch740
OR
sapabap_platformMatch750
OR
sapabap_platformMatch751
OR
sapabap_platformMatch753
OR
sapabap_platformMatch754
OR
sapabap_platformMatch755

CNA Affected

[
  {
    "product": "SAP NetWeaver (ABAP Server) and ABAP Platform",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 700"
      },
      {
        "status": "affected",
        "version": "< 701"
      },
      {
        "status": "affected",
        "version": "< 702"
      },
      {
        "status": "affected",
        "version": "< 710"
      },
      {
        "status": "affected",
        "version": "< 711"
      },
      {
        "status": "affected",
        "version": "< 730"
      },
      {
        "status": "affected",
        "version": "< 731"
      },
      {
        "status": "affected",
        "version": "< 740"
      },
      {
        "status": "affected",
        "version": "< 750"
      },
      {
        "status": "affected",
        "version": "< 751"
      },
      {
        "status": "affected",
        "version": "< 752"
      },
      {
        "status": "affected",
        "version": "< 753"
      },
      {
        "status": "affected",
        "version": "< 754"
      },
      {
        "status": "affected",
        "version": "< 755"
      }
    ]
  }
]

Social References

More

Related

cvelist 1
nvd 1
prion 1
packetstorm 1
cvelist
cvelist
CVE-2020-6318
2020-09-09 12:46:21
nvd
nvd
CVE-2020-6318
2020-09-09 13:15:12
prion
prion
Remote code execution
2020-09-09 13:15:00
packetstorm
packetstorm
SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
2022-05-19 00:00:00

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

7.9 High

AI Score

Confidence

High

0.06 Low

EPSS

Percentile

93.5%

JSON
Related for CVE-2020-6318
cvelist1nvd1prion1packetstorm1