Lucene search

[email protected]NVD:CVE-2020-6181

HistoryFeb 12, 2020 - 8:15 p.m.

CVE-2020-6181

2020-02-1220:15:13

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

38.9%

JSON

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Affected configurations

NVD

Node

sapabap_platformMatch7.50

sapabap_platformMatch7.51

sapabap_platformMatch7.52

sapabap_platformMatch7.53

sapabap_platformMatch7.54

sapnetweaverMatch7.02

sapnetweaverMatch7.30

sapnetweaverMatch7.31

sapnetweaverMatch7.40

References

launchpad.support.sap.com/#/notes/2880744

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

5.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

38.9%

JSON

Related for NVD:CVE-2020-6181

cve1 prion1 cvelist1