← Back

CVE-2020-6275

nvd nist
Published: Jun 10, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.

Affected (13)

Sap
1 product
Netweaver Application Server Abap
Configuration A
13 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Application Server Abap
Version 700
Netweaver Application Server Abap
Version 701
Netweaver Application Server Abap
Version 702
Netweaver Application Server Abap
Version 710
Netweaver Application Server Abap
Version 711
Netweaver Application Server Abap
Version 730
Netweaver Application Server Abap
Version 731
Netweaver Application Server Abap
Version 740
Netweaver Application Server Abap
Version 750
Netweaver Application Server Abap
Version 751
Netweaver Application Server Abap
Version 752
Netweaver Application Server Abap
Version 753
Netweaver Application Server Abap
Version 754

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.