CVE-2020-6299

Published: Aug 12, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 751, 752, 753, 754, 755, allows a business user to access the list of users in the given system using value help, leading to Information Disclosure.

Affected (12)

Products: Sap: Abap Platform, Netweaver Application Server Abap

Sap

2 products

Abap Platform

Netweaver Application Server Abap

Configuration A

12 vulnerable

Vulnerable Software	Affected Versions
Sap Abap Platform	Version 740
Sap Abap Platform	Version 750
Sap Abap Platform	Version 751
Sap Abap Platform	Version 753
Sap Abap Platform	Version 754
Sap Abap Platform	Version 755
Sap Netweaver Application Server Abap	Version 740
Sap Netweaver Application Server Abap	Version 750
Sap Netweaver Application Server Abap	Version 751
Sap Netweaver Application Server Abap	Version 753
Sap Netweaver Application Server Abap	Version 754
Sap Netweaver Application Server Abap	Version 755

References (4)

https://launchpad.support.sap.com/#/notes/2941510

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2941510

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.