Lucene search

[email protected]NVD:CVE-2020-6318

HistorySep 09, 2020 - 1:15 p.m.

CVE-2020-6318

2020-09-0913:15:12

CWE-94

[email protected]

web.nvd.nist.gov

sap netweaver

abap server

code injection

complete control

general fault

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.06

Percentile

93.5%

JSON

A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABAP Server, up to release 7.40) and ABAP Platform (> release 7.40).Because of this, an attacker can exploit these products via Code Injection, and potentially enabling to take complete control of the products, including viewing, changing, or deleting data by injecting code into the working memory which is subsequently executed by the application. It can also be used to cause a general fault in the product, causing the products to terminate.

Affected configurations

Nvd

Node

sapabap_platformMatch700

sapabap_platformMatch701

sapabap_platformMatch702

sapabap_platformMatch710

sapabap_platformMatch711

sapabap_platformMatch730

sapabap_platformMatch731

sapabap_platformMatch740

sapabap_platformMatch750

sapabap_platformMatch751

sapabap_platformMatch753

sapabap_platformMatch754

sapabap_platformMatch755

VendorProductVersionCPE
sapabap_platform700cpe:2.3:a:sap:abap_platform:700:*:*:*:*:*:*:*
sapabap_platform701cpe:2.3:a:sap:abap_platform:701:*:*:*:*:*:*:*
sapabap_platform702cpe:2.3:a:sap:abap_platform:702:*:*:*:*:*:*:*
sapabap_platform710cpe:2.3:a:sap:abap_platform:710:*:*:*:*:*:*:*
sapabap_platform711cpe:2.3:a:sap:abap_platform:711:*:*:*:*:*:*:*
sapabap_platform730cpe:2.3:a:sap:abap_platform:730:*:*:*:*:*:*:*
sapabap_platform731cpe:2.3:a:sap:abap_platform:731:*:*:*:*:*:*:*
sapabap_platform740cpe:2.3:a:sap:abap_platform:740:*:*:*:*:*:*:*
sapabap_platform750cpe:2.3:a:sap:abap_platform:750:*:*:*:*:*:*:*
sapabap_platform751cpe:2.3:a:sap:abap_platform:751:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	abap_platform	700	cpe:2.3:a:sap:abap_platform:700:::::::*
sap	abap_platform	701	cpe:2.3:a:sap:abap_platform:701:::::::*
sap	abap_platform	702	cpe:2.3:a:sap:abap_platform:702:::::::*
sap	abap_platform	710	cpe:2.3:a:sap:abap_platform:710:::::::*
sap	abap_platform	711	cpe:2.3:a:sap:abap_platform:711:::::::*
sap	abap_platform	730	cpe:2.3:a:sap:abap_platform:730:::::::*
sap	abap_platform	731	cpe:2.3:a:sap:abap_platform:731:::::::*
sap	abap_platform	740	cpe:2.3:a:sap:abap_platform:740:::::::*
sap	abap_platform	750	cpe:2.3:a:sap:abap_platform:750:::::::*
sap	abap_platform	751	cpe:2.3:a:sap:abap_platform:751:::::::*

Rows per page:

1-10 of 131

References

packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html

seclists.org/fulldisclosure/2022/May/42

launchpad.support.sap.com/#/notes/2958563

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.06

Percentile

93.5%

JSON

Related for NVD:CVE-2020-6318

prion1 cve1 cvelist1 packetstorm1