Vulnerabilities related to SAP SE - SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)
cve-2020-6215
Vulnerability from cvelistv5
Published: 2020-04-14 00:00
Modified: 2024-08-04 08:55
Summary
SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
References
Impacted products
Vendor | Product | Version
---|---|---
SAP SE | SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00) | < 700, < 701, < 702, < 730, < 731, < 740, < 750, < 751, < 752, < 753, < 754
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:55:22.077Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { tags: [ "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/2872782", }, { name: "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)", tags: [ "mailing-list", "x_transferred", ], url: "http://seclists.org/fulldisclosure/2023/Oct/13", }, { tags: [ "x_transferred", ], url: "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP NetWeaver AS ABAP (Business Server Pages Test Application IT00)", vendor: "SAP SE", versions: [ { status: "affected", version: "< 700", }, { status: "affected", version: "< 701", }, { status: "affected", version: "< 702", }, { status: "affected", version: "< 730", }, { status: "affected", version: "< 731", }, { status: "affected", version: "< 740", }, { status: "affected", version: "< 750", }, { status: "affected", version: "< 751", }, { status: "affected", version: "< 752", }, { status: "affected", version: "< 753", }, { status: "affected", version: "< 754", }, ], }, ], descriptions: [ { lang: "en", value: "SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "URL Redirection", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-10-06T16:06:17.300393", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { url: "https://launchpad.support.sap.com/#/notes/2872782", }, { name: "20231005 SEC Consult SA-20231005 :: Open Redirect in SAP BSP Test Application it00 (Bypass for CVE-2020-6215 Patch)", tags: [ "mailing-list", ], url: "http://seclists.org/fulldisclosure/2023/Oct/13", }, { url: "http://packetstormsecurity.com/files/174985/SAP-Application-Server-ABAP-Open-Redirection.html", }, ], }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2020-6215", datePublished: "2020-04-14T00:00:00", dateReserved: "2020-01-08T00:00:00", dateUpdated: "2024-08-04T08:55:22.077Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }