Vulnerabilities related to SAP SE - SAP NetWeaver AS Java (HTTP Service)
cve-2020-6224
Vulnerability from cvelistv5
Published
2020-04-14 18:31
Modified
2024-08-04 08:55
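Severity: 4.5 MEDIUM (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N), taken from the record's cvssV3_0 metrics. The legacy v4 record embedded in the raw JSON below lists a base score of 6.2 for the same vector string; 4.5 is the value that matches the CVSS v3.0 base-score calculation for this vector.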
EPSS score ?
Summary
SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.
References
| URL | Tags |
|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202 | x_refsource_MISC |
| https://launchpad.support.sap.com/#/notes/2826528 | x_refsource_MISC |
Impacted products
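| Vendor | Product | Version |
|---|---|---|
| SAP SE | SAP NetWeaver AS Java (HTTP Service) | Version: < 7.10, Version: < 7.11, Version: < 7.20, Version: < 7.30, Version: < 7.31, Version: < 7.40, Version: < 7.50 |

Note: read these entries together with the summary, which names releases 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 and 7.50 themselves as affected. The "<" prefix appears to be carried over from the legacy record's version_name field rather than expressing a "less than" range, so a release matching one of the listed numbers should be treated as in scope when checking exposure.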
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T08:55:22.154Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://launchpad.support.sap.com/#/notes/2826528", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "SAP NetWeaver AS Java (HTTP Service)", vendor: "SAP SE", versions: [ { status: "affected", version: "< 7.10", }, { status: "affected", version: "< 7.11", }, { status: "affected", version: "< 7.20", }, { status: "affected", version: "< 7.30", }, { status: "affected", version: "< 7.31", }, { status: "affected", version: "< 7.40", }, { status: "affected", version: "< 7.50", }, ], }, ], descriptions: [ { lang: "en", value: "SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-04-14T18:31:46", orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", shortName: "sap", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { tags: [ "x_refsource_MISC", ], url: 
"https://launchpad.support.sap.com/#/notes/2826528", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cna@sap.com", ID: "CVE-2020-6224", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "SAP NetWeaver AS Java (HTTP Service)", version: { version_data: [ { version_name: "<", version_value: "7.10", }, { version_name: "<", version_value: "7.11", }, { version_name: "<", version_value: "7.20", }, { version_name: "<", version_value: "7.30", }, { version_name: "<", version_value: "7.31", }, { version_name: "<", version_value: "7.40", }, { version_name: "<", version_value: "7.50", }, ], }, }, ], }, vendor_name: "SAP SE", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker with administrator privileges to access user sensitive data such as passwords in trace files, when the user logs in and sends request with login credentials, leading to Information Disclosure.", }, ], }, impact: { cvss: { baseScore: "6.2", vectorString: "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Information Disclosure", }, ], }, ], }, references: { reference_data: [ { name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", refsource: "MISC", url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202", }, { name: "https://launchpad.support.sap.com/#/notes/2826528", refsource: "MISC", url: "https://launchpad.support.sap.com/#/notes/2826528", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd", assignerShortName: "sap", cveId: "CVE-2020-6224", datePublished: "2020-04-14T18:31:46", dateReserved: "2020-01-08T00:00:00", dateUpdated: "2024-08-04T08:55:22.154Z", state: "PUBLISHED", }, dataType: 
"CVE_RECORD", dataVersion: "5.1", }