Lucene search

SapCVELIST:CVE-2020-6263

HistoryJun 10, 2020 - 12:44 p.m.

CVE-2020-6263

2020-06-1012:44:43

sap

www.cve.org

CVSS3

6.9

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not perform any authentication checks for operations that require user identity leading to Authentication Bypass.

CNA Affected

[
  {
    "product": "SAP NetWeaver AS JAVA",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< SAP-JEECOR 7.00"
      },
      {
        "status": "affected",
        "version": "< 7.01 SERVERCOR 7.10"
      },
      {
        "status": "affected",
        "version": "< 7.11"
      },
      {
        "status": "affected",
        "version": "< 7.20"
      },
      {
        "status": "affected",
        "version": "< 7.30"
      },
      {
        "status": "affected",
        "version": "< 7.31"
      },
      {
        "status": "affected",
        "version": "< 7.40"
      },
      {
        "status": "affected",
        "version": "< 7.50 CORE-TOOLS 7.00"
      },
      {
        "status": "affected",
        "version": "< 7.01"
      },
      {
        "status": "affected",
        "version": "< 7.02"
      },
      {
        "status": "affected",
        "version": "< 7.05"
      },
      {
        "status": "affected",
        "version": "< 7.10"
      },
      {
        "status": "affected",
        "version": "< 7.50"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2878568

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

CVSS3

6.9

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H

AI Score

9.7

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Related for CVELIST:CVE-2020-6263