Lucene search

SapCVELIST:CVE-2020-6239

HistoryJun 10, 2020 - 12:33 p.m.

CVE-2020-6239

2020-06-1012:33:30

sap

www.cve.org

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Under certain conditions SAP Business One (Backup service), versions 9.3, 10.0, allows an attacker with admin permissions to view SYSTEM user password in clear text, leading to Information Disclosure.

CNA Affected

[
  {
    "product": "SAP Business One (Backup service)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 9.3"
      },
      {
        "status": "affected",
        "version": "< 10.0"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2908382

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.7%

JSON

Related for CVELIST:CVE-2020-6239