CVE-2020-6310

Published: Aug 12, 2020Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Improper access control in SOA Configuration Trace component in SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 702, 730, 731, 740, 750, allows any authenticated user to enumerate all SAP users, leading to Information Disclosure.

Affected (22)

Products: Sap: Abap Platform, Netweaver Application Server Abap

Sap

2 products

Abap Platform

Netweaver Application Server Abap

Configuration A

22 vulnerable

Vulnerable Software	Affected Versions
Sap Abap Platform	Version 7.31
Sap Abap Platform	Version 7.40
Sap Abap Platform	Version 7.50
Sap Abap Platform	Version 700
Sap Abap Platform	Version 701
Sap Abap Platform	Version 702
Sap Abap Platform	Version 710
Sap Abap Platform	Version 711
Sap Abap Platform	Version 751
Sap Abap Platform	Version 753
Sap Abap Platform	Version 755
Sap Netweaver Application Server Abap	Version 700
Sap Netweaver Application Server Abap	Version 701
Sap Netweaver Application Server Abap	Version 702
Sap Netweaver Application Server Abap	Version 710
Sap Netweaver Application Server Abap	Version 711
Sap Netweaver Application Server Abap	Version 731
Sap Netweaver Application Server Abap	Version 740
Sap Netweaver Application Server Abap	Version 750
Sap Netweaver Application Server Abap	Version 751
Sap Netweaver Application Server Abap	Version 753
Sap Netweaver Application Server Abap	Version 755

References (4)

https://launchpad.support.sap.com/#/notes/2944988

Source: cna@sap.com

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2944988

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.