CVE-2020-6181

Published: Feb 12, 2020Modified: Nov 21, 2024

5.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Under some circumstances the SAML SSO implementation in the SAP NetWeaver (SAP_BASIS versions 702, 730, 731, 740 and SAP ABAP Platform (SAP_BASIS versions 750, 751, 752, 753, 754), allows an attacker to include invalidated data in the HTTP response header sent to a Web user, leading to HTTP Response Splitting vulnerability.

Affected (9)

Products: Sap: Abap Platform, Netweaver

Sap

2 products

Abap Platform

Netweaver

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Sap Abap Platform	Version 7.50
Sap Abap Platform	Version 7.51
Sap Abap Platform	Version 7.52
Sap Abap Platform	Version 7.53
Sap Abap Platform	Version 7.54
Sap Netweaver	Version 7.02
Sap Netweaver	Version 7.30
Sap Netweaver	Version 7.31
Sap Netweaver	Version 7.40

References (4)

https://launchpad.support.sap.com/#/notes/2880744

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2880744

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.