CVE-2020-26816
The CVE-2020-26816 issue affects SAP NetWeaver AS Java Key Storage Service. Key material is stored in DER-encoded format in the database and is not encrypted, enabling an administrator to decode the keys and potentially access application data and client credentials of adjacent systems, impacting...
CVE-2020-26820
SAP NetWeaver AS Java remote code execution (CVE-2020-26820) affects SAP NetWeaver AS Java versions 7.20, 7.30, 7.31, 7.40, 7.50. An attacker authenticated as an administrator can use the administrator console to expose unauthenticated file-system access and upload a malicious file, enabling the ...
Acronis: CVE-2020-6287 https://redapi2.acronis.com
Hi team. Summary CVE-2020-6287 https://redapi2.acronis.com https://nvd.nist.gov/vuln/detail/CVE-2020-6287 SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute...
CVE-2020-6365
CVE-2020-6365 affects SAP NetWeaver AS Java (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50). The issue is an unauthenticated remote redirect on Start Page caused by insufficient reverse tabnabbing URL validation, enabling phishing to trick users into visiting malicious sites or malware pages....
CVE-2020-6309
SAP NetWeaver AS JAVA, versions - ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11, does not perform any authentication checks for a web service allowing the attacker to send several payloads and leading to complete denial of service...
CVE-2020-6309
SAP NetWeaver AS JAVA (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; J2EE-FRMW 7.10, 7.11) is affected by CVE-2020-6309, where a web service fails to perform authentication checks, enabling an attacker to send multiple payloads and cause a denial of service. Impact is a network‑b...
Path traversal
The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal...
Server-side request forgery (SSRF)
SAP NetWeaver AS JAVA IIOP service SERVERCORE, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA IIOP service CORE-TOOLS, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. It is usually use...
Authentication flaw
SAP NetWeaver AS JAVA LM Configuration Wizard, versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...
CVE-2020-6287
CVE-2020-6287 affects SAP NetWeaver AS JAVA (LM Configuration Wizard) versions 7.30–7.50. The vulnerability is a missing authentication check that allows an unauthenticated attacker to execute configuration tasks and create an administrative user, thereby compromising Confidentiality, Integrity a...
CVE-2020-6286
Summary (CVE-2020-6286 / CVE-2020-6287) — SAP NetWeaver AS JAVA (LM Configuration Wizard) suffers two related issues. The LM Configuration Wizard (SAP NetWeaver AS JAVA, versions 7.30, 7.31, 7.40, 7.50) has insufficient input path validation that allows unauthenticated attackers to trigger a path...
New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers
SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server AS Java platform, allowing an unauthenticated attacker to take control of SAP applications. The bug, dubbed RECON and tracked as CVE-2020-6287, is rated with a maximum CVSS sco...
CVE-2020-6287: Critical Vulnerability in SAP NetWeaver Application Server (AS) Java
SAP NetWeaver AS JAVA LM Configuration Wizard, versions – 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create ...
Critical Vulnerability in SAP NetWeaver AS Java
Summary On July 13, 2020 EST, SAP released a security update to address a critical vulnerability, CVE-2020-6287, affecting the SAP NetWeaver Application Server AS Java component LM Configuration Wizard. An unauthenticated attacker can exploit this vulnerability through the Hypertext Transfer...
CVE-2020-6263
Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 do not perform any authentication checks for operations that...
CVE-2020-6263
CVE-2020-6263 affects SAP NetWeaver AS Java when standalone clients connect via P4 Protocol. Affected components include SAP-JEECOR (7.00, 7.01), SERVERCOR (7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), and CORE-TOOLS (7.00–7.50). The root cause is that, for operations requiring user identity, authe...
CVE-2020-6224
SAP NetWeaver AS Java HTTP Service, versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure...
CVE-2020-6224
CVE-2020-6224 affects SAP NetWeaver AS Java (HTTP Service). Affected versions are 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50. The vulnerability allows an attacker with administrator privileges to access user credentials (e.g., passwords) stored in trace files when a user logs in and sends login...
CVE-2020-6190
CVE-2020-6190 affects SAP NetWeaver AS Java (Heap Dump Application). Vulnerable endpoints in versions 7.30, 7.31, 7.40, 7.50 can disclose system information such as hostname, server node, and installation path. The underlying impact is information disclosure. The provided documents describe the a...