cvelistv5 - cve-2020-6275

CVE-2020-6275 (GCVE-0-2020-6275)

Vulnerability from cvelistv5 – Published: 2020-06-10 12:39 – Updated: 2024-08-04 08:55

Summary

SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.

Severity ?

7.6 (High)


                        
                          CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

Server Side Request Forgery

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2912939	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP Netweaver AS ABAP	Affected: < 700 Affected: < 701 Affected: < 702 Affected: < 710 Affected: < 711 Affected: < 730 Affected: < 731 Affected: < 740 Affected: < 750 Affected: < 751 Affected: < 752 Affected: < 753 Affected: < 754

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:22.250Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2912939"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Netweaver AS ABAP",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 700"
            },
            {
              "status": "affected",
              "version": "\u003c 701"
            },
            {
              "status": "affected",
              "version": "\u003c 702"
            },
            {
              "status": "affected",
              "version": "\u003c 710"
            },
            {
              "status": "affected",
              "version": "\u003c 711"
            },
            {
              "status": "affected",
              "version": "\u003c 730"
            },
            {
              "status": "affected",
              "version": "\u003c 731"
            },
            {
              "status": "affected",
              "version": "\u003c 740"
            },
            {
              "status": "affected",
              "version": "\u003c 750"
            },
            {
              "status": "affected",
              "version": "\u003c 751"
            },
            {
              "status": "affected",
              "version": "\u003c 752"
            },
            {
              "status": "affected",
              "version": "\u003c 753"
            },
            {
              "status": "affected",
              "version": "\u003c 754"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server Side Request Forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-06-10T12:39:02",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2912939"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Netweaver AS ABAP",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "700"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "701"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "702"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "710"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "711"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "730"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "731"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "740"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "750"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "751"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "752"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "753"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "754"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "7.6",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server Side Request Forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2912939",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2912939"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-6275",
    "datePublished": "2020-06-10T12:39:02",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T08:55:22.250Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17847B21-8BE6-4359-913B-B6592D37C655\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7777AA80-1608-420E-B7D5-09ABECD51728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D416C064-BB8A-4230-A761-84A93E017F79\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.\"}, {\"lang\": \"es\", \"value\": \"SAP Netweaver AS ABAP, versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, son vulnerables a un ataque de tipo Server Side Request Forgery, donde un atacante puede usar nombres de ruta inapropiados que contienen nombres de servidores maliciosos en la funcionalidad de importaci\\u00f3n/exportaci\\u00f3n de sesiones y obligan al servidor web a autenticarse con el servidor malicioso. Adicionalmente, si NTLM est\\u00e1 configurado, el atacante puede comprometer la confidencialidad, integridad y disponibilidad de la base de datos de SAP\"}]",
      "id": "CVE-2020-6275",
      "lastModified": "2024-11-21T05:35:25.340",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV30\": [{\"source\": \"cna@sap.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 7.6, \"baseSeverity\": \"HIGH\", \"attackVector\": \"ADJACENT_NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"HIGH\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-06-10T13:15:18.667",
      "references": "[{\"url\": \"https://launchpad.support.sap.com/#/notes/2912939\", \"source\": \"cna@sap.com\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775\", \"source\": \"cna@sap.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://launchpad.support.sap.com/#/notes/2912939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Permissions Required\"]}, {\"url\": \"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cna@sap.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-918\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-6275\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2020-06-10T13:15:18.667\",\"lastModified\":\"2024-11-21T05:35:25.340\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.\"},{\"lang\":\"es\",\"value\":\"SAP Netweaver AS ABAP, versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, son vulnerables a un ataque de tipo Server Side Request Forgery, donde un atacante puede usar nombres de ruta inapropiados que contienen nombres de servidores maliciosos en la funcionalidad de importaci\u00f3n/exportaci\u00f3n de sesiones y obligan al servidor web a autenticarse con el servidor malicioso. Adicionalmente, si NTLM est\u00e1 configurado, el atacante puede comprometer la confidencialidad, integridad y disponibilidad de la base de datos de SAP\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV30\":[{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":7.6,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98B2522A-B850-4EC2-B2F2-5EBF36801B39\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"706FEB9E-3EE9-405E-A8C9-733DAF68AC6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17847B21-8BE6-4359-913B-B6592D37C655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F1B47E4-C4E3-4D79-9048-EF6A82B8085E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5CC29738-CF17-4E6B-9C9E-879B17F7E001\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"127E508F-6CC1-41C8-96DF-8D14FFDD4020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7777AA80-1608-420E-B7D5-09ABECD51728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0539618A-1C4D-463F-B2BB-DD1C239C23EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62828DCD-F80E-4C7C-A988-EFEA06A5223E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9F38585-73AE-4DBB-A978-F0272DF8FB58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D416C064-BB8A-4230-A761-84A93E017F79\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/2912939\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://launchpad.support.sap.com/#/notes/2912939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-549

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAPUI5 (UI_700) version 200
SAP	N/A	SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Adaptive Server Enterprise versions 15.7 et 16.0
SAP	N/A	SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755
SAP	N/A	S/4HANA FIN PROD SUBLDGR version 100
SAP	N/A	SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	N/A	SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2
SAP	N/A	SAPUI5 (UISAPUI5_JAVA) version 7.50
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Solution Manager (User Experience Monitoring) version 7.2
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005
SAP	N/A	BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 08 septembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAPUI5 (UI_700) version 200",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Adaptive Server Enterprise versions 15.7 et 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA FIN PROD SUBLDGR version 100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client version 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (UISAPUI5_JAVA) version 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (User Experience Monitoring) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6328"
    },
    {
      "name": "CVE-2020-6282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6282"
    },
    {
      "name": "CVE-2020-6334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6334"
    },
    {
      "name": "CVE-2020-6351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6351"
    },
    {
      "name": "CVE-2020-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6296"
    },
    {
      "name": "CVE-2020-6349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6349"
    },
    {
      "name": "CVE-2020-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6359"
    },
    {
      "name": "CVE-2020-6341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6341"
    },
    {
      "name": "CVE-2020-6338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6338"
    },
    {
      "name": "CVE-2020-6207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6207"
    },
    {
      "name": "CVE-2020-6283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6283"
    },
    {
      "name": "CVE-2020-6343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6343"
    },
    {
      "name": "CVE-2020-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6335"
    },
    {
      "name": "CVE-2020-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6329"
    },
    {
      "name": "CVE-2020-6344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6344"
    },
    {
      "name": "CVE-2020-6318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6318"
    },
    {
      "name": "CVE-2020-6347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6347"
    },
    {
      "name": "CVE-2020-6357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6357"
    },
    {
      "name": "CVE-2020-6346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6346"
    },
    {
      "name": "CVE-2020-6348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6348"
    },
    {
      "name": "CVE-2020-6312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6312"
    },
    {
      "name": "CVE-2020-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6356"
    },
    {
      "name": "CVE-2020-6322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6322"
    },
    {
      "name": "CVE-2020-6325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6325"
    },
    {
      "name": "CVE-2020-6354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6354"
    },
    {
      "name": "CVE-2020-6320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6320"
    },
    {
      "name": "CVE-2020-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6288"
    },
    {
      "name": "CVE-2020-6333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6333"
    },
    {
      "name": "CVE-2020-6332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6332"
    },
    {
      "name": "CVE-2020-6311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6311"
    },
    {
      "name": "CVE-2020-6340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6340"
    },
    {
      "name": "CVE-2020-6317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6317"
    },
    {
      "name": "CVE-2020-6321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6321"
    },
    {
      "name": "CVE-2020-6355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6355"
    },
    {
      "name": "CVE-2020-6352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6352"
    },
    {
      "name": "CVE-2020-6350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6350"
    },
    {
      "name": "CVE-2020-6326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6326"
    },
    {
      "name": "CVE-2020-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6337"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6302"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-6353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6353"
    },
    {
      "name": "CVE-2020-6339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6339"
    },
    {
      "name": "CVE-2020-6330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6330"
    },
    {
      "name": "CVE-2020-6314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6314"
    },
    {
      "name": "CVE-2020-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6336"
    },
    {
      "name": "CVE-2020-6313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6313"
    },
    {
      "name": "CVE-2020-6358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6358"
    },
    {
      "name": "CVE-2020-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6345"
    },
    {
      "name": "CVE-2020-6360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6360"
    },
    {
      "name": "CVE-2020-6342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6342"
    },
    {
      "name": "CVE-2020-6331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6331"
    },
    {
      "name": "CVE-2020-6324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6324"
    },
    {
      "name": "CVE-2020-6361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6361"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2020-6327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6327"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-549",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 08 septembre 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
    }
  ]
}

CERTFR-2020-AVI-549

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAPUI5 (UI_700) version 200
SAP	N/A	SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Adaptive Server Enterprise versions 15.7 et 16.0
SAP	N/A	SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755
SAP	N/A	S/4HANA FIN PROD SUBLDGR version 100
SAP	N/A	SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50
SAP	N/A	SAP Business Client version 6.5
SAP	N/A	SAP 3D Visual Enterprise Viewer version 9
SAP	N/A	SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2
SAP	N/A	SAPUI5 (UISAPUI5_JAVA) version 7.50
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755
SAP	N/A	SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP Solution Manager (User Experience Monitoring) version 7.2
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005
SAP	N/A	BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500

References

Title

Publication Time

Tags

Bulletin de sécurité SAP du 08 septembre 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAPUI5 (UI_700) version 200",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Marketing (Mobile Channel Servlet) versions 130, 140 et 150",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Adaptive Server Enterprise versions 15.7 et 16.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPFiori (Launchpad) versions 750, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (BSP Test Application) versions 700,701,702,730,731,740,750,751,752,753,754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "S/4HANA FIN PROD SUBLDGR version 100",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (SAP_UI) versions 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (Knowledge Management) versions 7.30,7.31,7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Client version 6.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP 3D Visual Enterprise Viewer version 9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform (BI Workspace) versions 4.1 et 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAPUI5 (UISAPUI5_JAVA) version 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver (ABAP Server) et ABAP Platform versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 753 et 755",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS) versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (User Experience Monitoring) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811, 1905 et 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "BANKING SERVICES FROM SAP 9.0 (Bank Analyzer) version 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6328"
    },
    {
      "name": "CVE-2020-6282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6282"
    },
    {
      "name": "CVE-2020-6334",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6334"
    },
    {
      "name": "CVE-2020-6351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6351"
    },
    {
      "name": "CVE-2020-6296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6296"
    },
    {
      "name": "CVE-2020-6349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6349"
    },
    {
      "name": "CVE-2020-6359",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6359"
    },
    {
      "name": "CVE-2020-6341",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6341"
    },
    {
      "name": "CVE-2020-6338",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6338"
    },
    {
      "name": "CVE-2020-6207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6207"
    },
    {
      "name": "CVE-2020-6283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6283"
    },
    {
      "name": "CVE-2020-6343",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6343"
    },
    {
      "name": "CVE-2020-6335",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6335"
    },
    {
      "name": "CVE-2020-6329",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6329"
    },
    {
      "name": "CVE-2020-6344",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6344"
    },
    {
      "name": "CVE-2020-6318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6318"
    },
    {
      "name": "CVE-2020-6347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6347"
    },
    {
      "name": "CVE-2020-6357",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6357"
    },
    {
      "name": "CVE-2020-6346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6346"
    },
    {
      "name": "CVE-2020-6348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6348"
    },
    {
      "name": "CVE-2020-6312",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6312"
    },
    {
      "name": "CVE-2020-6356",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6356"
    },
    {
      "name": "CVE-2020-6322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6322"
    },
    {
      "name": "CVE-2020-6325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6325"
    },
    {
      "name": "CVE-2020-6354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6354"
    },
    {
      "name": "CVE-2020-6320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6320"
    },
    {
      "name": "CVE-2020-6288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6288"
    },
    {
      "name": "CVE-2020-6333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6333"
    },
    {
      "name": "CVE-2020-6332",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6332"
    },
    {
      "name": "CVE-2020-6311",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6311"
    },
    {
      "name": "CVE-2020-6340",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6340"
    },
    {
      "name": "CVE-2020-6317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6317"
    },
    {
      "name": "CVE-2020-6321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6321"
    },
    {
      "name": "CVE-2020-6355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6355"
    },
    {
      "name": "CVE-2020-6352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6352"
    },
    {
      "name": "CVE-2020-6350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6350"
    },
    {
      "name": "CVE-2020-6326",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6326"
    },
    {
      "name": "CVE-2020-6337",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6337"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6302"
    },
    {
      "name": "CVE-2020-11022",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11022"
    },
    {
      "name": "CVE-2020-6353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6353"
    },
    {
      "name": "CVE-2020-6339",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6339"
    },
    {
      "name": "CVE-2020-6330",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6330"
    },
    {
      "name": "CVE-2020-6314",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6314"
    },
    {
      "name": "CVE-2020-6336",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6336"
    },
    {
      "name": "CVE-2020-6313",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6313"
    },
    {
      "name": "CVE-2020-6358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6358"
    },
    {
      "name": "CVE-2020-6345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6345"
    },
    {
      "name": "CVE-2020-6360",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6360"
    },
    {
      "name": "CVE-2020-6342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6342"
    },
    {
      "name": "CVE-2020-6331",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6331"
    },
    {
      "name": "CVE-2020-6324",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6324"
    },
    {
      "name": "CVE-2020-6361",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6361"
    },
    {
      "name": "CVE-2020-11023",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11023"
    },
    {
      "name": "CVE-2020-6327",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6327"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-549",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-09-08T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP du 08 septembre 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700"
    }
  ]
}

CERTFR-2020-AVI-350

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP SuccessFactors Recruiting version 2005
SAP	N/A	SAP Solution Manager (Problem Context Manager) version 7.2
SAP	N/A	SAP Liquidity Management for Banking version 6.2
SAP	N/A	.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104
SAP	N/A	SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905
SAP	N/A	SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500
SAP	N/A	SAP Business Objects Business Intelligence Platform version 4.2
SAP	N/A	SAP Gateway versions 7.40 et 2.00
SAP	N/A	SAP Business One (Backup service) versions 9.3,et 10.0
SAP	N/A	SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E
SAP	N/A	SAP Gateway versions 7.5, 7.51, 7.52 et 7.53
SAP	N/A	SAP Solution Manager (Trace Analysis) version 7.20
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811 et 1905
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,

References

Title

Publication Time

Tags

Bulletin de sécurité SAP 547426775 du 09 juin 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP SuccessFactors Recruiting version 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Problem Context Manager) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Liquidity Management for Banking version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": ".30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform version 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.40 et 2.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One (Backup service) versions 9.3,et 10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.5, 7.51, 7.52 et 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Trace Analysis) version 7.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6266"
    },
    {
      "name": "CVE-2020-6246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6246"
    },
    {
      "name": "CVE-2020-6263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6263"
    },
    {
      "name": "CVE-2020-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6271"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2020-6268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6268"
    },
    {
      "name": "CVE-2019-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0319"
    },
    {
      "name": "CVE-2020-6264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6264"
    },
    {
      "name": "CVE-2020-6279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6279"
    },
    {
      "name": "CVE-2020-6269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6269"
    },
    {
      "name": "CVE-2020-6270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6270"
    },
    {
      "name": "CVE-2020-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
    },
    {
      "name": "CVE-2020-6239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6239"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6260"
    },
    {
      "name": "CVE-2020-6265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6265"
    },
    {
      "name": "CVE-2018-1000632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-350",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 547426775 du 09 juin 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
    }
  ]
}

CERTFR-2020-AVI-350

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SAP	N/A	SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754
SAP	N/A	SAP SuccessFactors Recruiting version 2005
SAP	N/A	SAP Solution Manager (Problem Context Manager) version 7.2
SAP	N/A	SAP Liquidity Management for Banking version 6.2
SAP	N/A	.30, 7.31, 7.40 et 7.50
SAP	N/A	SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104
SAP	N/A	SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905
SAP	N/A	SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500
SAP	N/A	SAP Business Objects Business Intelligence Platform version 4.2
SAP	N/A	SAP Gateway versions 7.40 et 2.00
SAP	N/A	SAP Business One (Backup service) versions 9.3,et 10.0
SAP	N/A	SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E
SAP	N/A	SAP Gateway versions 7.5, 7.51, 7.52 et 7.53
SAP	N/A	SAP Solution Manager (Trace Analysis) version 7.20
SAP	N/A	SAP Commerce versions 6.7, 1808, 1811 et 1905
SAP	SAP NetWeaver AS Java	SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,

References

Title

Publication Time

Tags

Bulletin de sécurité SAP 547426775 du 09 juin 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SAP NetWeaver AS ABAP (Business Server Pages Test Application SBSPEXT_TABLE) versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Netweaver AS ABAP versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753 et 754",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP SuccessFactors Recruiting version 2005",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Problem Context Manager) version 7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Liquidity Management for Banking version 6.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": ".30, 7.31, 7.40 et 7.50",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP ERP (Statutory Reporting for Insurance Companies) versions EA-FINSERV 600, 603, 604, 605, 606, 616, 617, 618 et 800; S4CORE 101, 102, 103 et 104",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce (Data Hub) versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Fiori pour SAP S/4HANA versions 200, 300, 400 et 500",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business Objects Business Intelligence Platform version 4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.40 et 2.00",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Business One (Backup service) versions 9.3,et 10.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS ABAP (Banking Services) versions 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D et 75E",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Gateway versions 7.5, 7.51, 7.52 et 7.53",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Solution Manager (Trace Analysis) version 7.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP Commerce versions 6.7, 1808, 1811 et 1905",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    },
    {
      "description": "SAP NetWeaver AS JAVA (P4 Protocol) versions SAP-JEECOR 7.00 et 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7.31, 7.40 et 7.50; CORE-TOOLS 7.00, 7.01, 7.02, 7.05, 7.10, 7.11, 7.20,",
      "product": {
        "name": "SAP NetWeaver AS Java",
        "vendor": {
          "name": "SAP",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-6266",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6266"
    },
    {
      "name": "CVE-2020-6246",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6246"
    },
    {
      "name": "CVE-2020-6263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6263"
    },
    {
      "name": "CVE-2020-6271",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6271"
    },
    {
      "name": "CVE-2019-17571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
    },
    {
      "name": "CVE-2020-6268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6268"
    },
    {
      "name": "CVE-2019-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0319"
    },
    {
      "name": "CVE-2020-6264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6264"
    },
    {
      "name": "CVE-2020-6279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6279"
    },
    {
      "name": "CVE-2020-6269",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6269"
    },
    {
      "name": "CVE-2020-6270",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6270"
    },
    {
      "name": "CVE-2020-1938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-1938"
    },
    {
      "name": "CVE-2020-6239",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6239"
    },
    {
      "name": "CVE-2020-6275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6275"
    },
    {
      "name": "CVE-2020-6260",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6260"
    },
    {
      "name": "CVE-2020-6265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-6265"
    },
    {
      "name": "CVE-2018-1000632",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-1000632"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-350",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-06-09T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits SAP.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits SAP",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 SAP 547426775 du 09 juin 2020",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
    }
  ]
}

GHSA-M3X5-X584-4RHH

Vulnerability from github – Published: 2022-05-24 17:20 – Updated: 2022-10-06 00:00

Details

Severity ?

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-6275"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-06-10T13:15:00Z",
    "severity": "MODERATE"
  },
  "details": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.",
  "id": "GHSA-m3x5-x584-4rhh",
  "modified": "2022-10-06T00:00:57Z",
  "published": "2022-05-24T17:20:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6275"
    },
    {
      "type": "WEB",
      "url": "https://launchpad.support.sap.com/#/notes/2912939"
    },
    {
      "type": "WEB",
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2020-6275

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-6275

Aliases

CVE-2020-6275

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-6275",
    "description": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.",
    "id": "GSD-2020-6275"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-6275"
      ],
      "details": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database.",
      "id": "GSD-2020-6275",
      "modified": "2023-12-13T01:21:54.731654Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cna@sap.com",
        "ID": "CVE-2020-6275",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SAP Netweaver AS ABAP",
                    "version": {
                      "version_data": [
                        {
                          "version_name": "\u003c",
                          "version_value": "700"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "701"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "702"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "710"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "711"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "730"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "731"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "740"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "750"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "751"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "752"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "753"
                        },
                        {
                          "version_name": "\u003c",
                          "version_value": "754"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SAP SE"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database."
          }
        ]
      },
      "impact": {
        "cvss": {
          "baseScore": "7.6",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Server Side Request Forgery"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
            "refsource": "MISC",
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
          },
          {
            "name": "https://launchpad.support.sap.com/#/notes/2912939",
            "refsource": "MISC",
            "url": "https://launchpad.support.sap.com/#/notes/2912939"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6275"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-918"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://launchpad.support.sap.com/#/notes/2912939",
              "refsource": "MISC",
              "tags": [
                "Permissions Required"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2912939"
            },
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-10-05T14:16Z",
      "publishedDate": "2020-06-10T13:15Z"
    }
  }
}

VAR-202006-1351

Vulnerability from variot - Updated: 2022-05-04 09:09

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1351",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "731"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "700"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "711"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "730"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "751"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "753"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "752"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "750"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "740"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "702"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "754"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "710"
      },
      {
        "model": "netweaver as abap",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "sap",
        "version": "701"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "700"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "701"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "702"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "710"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "711"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "730"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "731"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "740"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "750"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "751"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "752"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "753"
      },
      {
        "model": "netweaver application server abap",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "sap",
        "version": "754"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:700:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:701:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:702:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:710:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:711:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:730:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "cve": "CVE-2020-6275",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-6275",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 6.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006602",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2020-6275",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-006602",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2020-6275",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-006602",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202006-619",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database. SAP Netweaver AS ABAP Contains a server-side request forgery vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-6275",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602",
        "trust": 0.8
      },
      {
        "db": "NSFOCUS",
        "id": "50350",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "id": "VAR-202006-1351",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.19642857
  },
  "last_update_date": "2022-05-04T09:09:02.626000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "SAP Security Patch Day - June 2020",
        "trust": 0.8,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775"
      },
      {
        "title": "SAP NetWeaver AS ABAP Fixes for code issue vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=121795"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-918",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.6,
        "url": "https://launchpad.support.sap.com/#/notes/2912939"
      },
      {
        "trust": 1.6,
        "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=547426775"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-6275"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-6275"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-june-2020-32470"
      },
      {
        "trust": 0.6,
        "url": "http://www.nsfocus.net/vulndb/50350"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "date": "2020-06-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      },
      {
        "date": "2020-06-10T13:15:00",
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-07-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      },
      {
        "date": "2020-11-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      },
      {
        "date": "2020-06-16T14:57:00",
        "db": "NVD",
        "id": "CVE-2020-6275"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SAP Netweaver AS ABAP Server-Side Request Forgery Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-006602"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202006-619"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2020-6275

Vulnerability from fkie_nvd - Published: 2020-06-10 13:15 - Updated: 2024-11-21 05:35

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/2912939	Permissions Required
cna@sap.com	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2912939	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	netweaver_application_server_abap	700
sap	netweaver_application_server_abap	701
sap	netweaver_application_server_abap	702
sap	netweaver_application_server_abap	710
sap	netweaver_application_server_abap	711
sap	netweaver_application_server_abap	730
sap	netweaver_application_server_abap	731
sap	netweaver_application_server_abap	740
sap	netweaver_application_server_abap	750
sap	netweaver_application_server_abap	751
sap	netweaver_application_server_abap	752
sap	netweaver_application_server_abap	753
sap	netweaver_application_server_abap	754

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
              "matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:710:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B5BF1EC-C2A6-486B-8E63-0A7ED431C1F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:711:*:*:*:*:*:*:*",
              "matchCriteriaId": "17847B21-8BE6-4359-913B-B6592D37C655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:730:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F1B47E4-C4E3-4D79-9048-EF6A82B8085E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
              "matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
              "matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
              "matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
              "matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
              "matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forgery Attack where in an attacker can use inappropriate path names containing malicious server names in the import/export of sessions functionality and coerce the web server into authenticating with the malicious server. Furthermore, if NTLM is setup the attacker can compromise confidentiality, integrity and availability of the SAP database."
    },
    {
      "lang": "es",
      "value": "SAP Netweaver AS ABAP, versiones 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, son vulnerables a un ataque de tipo Server Side Request Forgery, donde un atacante puede usar nombres de ruta inapropiados que contienen nombres de servidores maliciosos en la funcionalidad de importaci\u00f3n/exportaci\u00f3n de sesiones y obligan al servidor web a autenticarse con el servidor malicioso. Adicionalmente, si NTLM est\u00e1 configurado, el atacante puede comprometer la confidencialidad, integridad y disponibilidad de la base de datos de SAP"
    }
  ],
  "id": "CVE-2020-6275",
  "lastModified": "2024-11-21T05:35:25.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0,
        "source": "cna@sap.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-10T13:15:18.667",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2912939"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2912939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2021-25381

Vulnerability from cnvd - Published: 2021-04-07

Title

SAP Netweaver AS ABAP存在未明漏洞

Description

SAP Netweaver是德国思爱普（SAP）公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。ABAP是一款运行于NetWeaver中且基于ABAP高级编程语言的应用服务器。 SAP Netweaver AS ABAP中存在安全漏洞。攻击者可借助特制路径名利用该漏洞影响SAP数据库的保密性、完整性和可用性。

Severity

中

Patch Name

SAP Netweaver AS ABAP存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Reference

https://launchpad.support.sap.com/#/notes/2912939

Impacted products

Name
['SAP SAP NetWeaver AS ABAP 700', 'SAP SAP NetWeaver AS ABAP 701', 'SAP SAP NetWeaver AS ABAP 702', 'SAP SAP NetWeaver AS ABAP 730', 'SAP SAP NetWeaver AS ABAP 731', 'SAP SAP NetWeaver AS ABAP 740', 'SAP SAP NetWeaver AS ABAP 750', 'SAP SAP NetWeaver AS ABAP 751', 'SAP SAP NetWeaver AS ABAP 752', 'SAP SAP NetWeaver AS ABAP 753', 'SAP SAP NetWeaver AS ABAP 754', 'SAP SAP NetWeaver AS ABAP 710', 'SAP SAP NetWeaver AS ABAP 711']

Name

['SAP SAP NetWeaver AS ABAP 700', 'SAP SAP NetWeaver AS ABAP 701', 'SAP SAP NetWeaver AS ABAP 702', 'SAP SAP NetWeaver AS ABAP 730', 'SAP SAP NetWeaver AS ABAP 731', 'SAP SAP NetWeaver AS ABAP 740', 'SAP SAP NetWeaver AS ABAP 750', 'SAP SAP NetWeaver AS ABAP 751', 'SAP SAP NetWeaver AS ABAP 752', 'SAP SAP NetWeaver AS ABAP 753', 'SAP SAP NetWeaver AS ABAP 754', 'SAP SAP NetWeaver AS ABAP 710', 'SAP SAP NetWeaver AS ABAP 711']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6275"
    }
  },
  "description": "SAP Netweaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002ABAP\u662f\u4e00\u6b3e\u8fd0\u884c\u4e8eNetWeaver\u4e2d\u4e14\u57fa\u4e8eABAP\u9ad8\u7ea7\u7f16\u7a0b\u8bed\u8a00\u7684\u5e94\u7528\u670d\u52a1\u5668\u3002\n\nSAP Netweaver AS ABAP\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8def\u5f84\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cdSAP\u6570\u636e\u5e93\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-25381",
  "openTime": "2021-04-07",
  "patchDescription": "SAP Netweaver\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u9762\u5411\u670d\u52a1\u7684\u96c6\u6210\u5316\u5e94\u7528\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u4e3b\u8981\u4e3aSAP\u5e94\u7528\u7a0b\u5e8f\u63d0\u4f9b\u5f00\u53d1\u548c\u8fd0\u884c\u73af\u5883\u3002ABAP\u662f\u4e00\u6b3e\u8fd0\u884c\u4e8eNetWeaver\u4e2d\u4e14\u57fa\u4e8eABAP\u9ad8\u7ea7\u7f16\u7a0b\u8bed\u8a00\u7684\u5e94\u7528\u670d\u52a1\u5668\u3002\r\n\r\nSAP Netweaver AS ABAP\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u7279\u5236\u8def\u5f84\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u5f71\u54cdSAP\u6570\u636e\u5e93\u7684\u4fdd\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Netweaver AS ABAP\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP NetWeaver AS ABAP 700",
      "SAP SAP NetWeaver AS ABAP 701",
      "SAP SAP NetWeaver AS ABAP 702",
      "SAP SAP NetWeaver AS ABAP 730",
      "SAP SAP NetWeaver AS ABAP 731",
      "SAP SAP NetWeaver AS ABAP 740",
      "SAP SAP NetWeaver AS ABAP 750",
      "SAP SAP NetWeaver AS ABAP 751",
      "SAP SAP NetWeaver AS ABAP 752",
      "SAP SAP NetWeaver AS ABAP 753",
      "SAP SAP NetWeaver AS ABAP 754",
      "SAP SAP NetWeaver AS ABAP 710",
      "SAP SAP NetWeaver AS ABAP 711"
    ]
  },
  "referenceLink": "https://launchpad.support.sap.com/#/notes/2912939",
  "serverity": "\u4e2d",
  "submitTime": "2020-06-11",
  "title": "SAP Netweaver AS ABAP\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-6275 (GCVE-0-2020-6275)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature